BGP authentication configuration example
BGP authentication is provided through TCP Option 19, the MD5 hash.
We will use Cisco IOS routers in this example.Here is the basic BGP authentication configurations:
on R1:
router bgp 100
neighbor 10.10.10.2 remote-as 200
neighbor 10.10.10.2 password PASSWORD1
on R2:
router bgp 200
neighbor 10.10.10.1 remote-as 100
neighbor 10.10.10.1 password PASSWORD1
R2#show ip bgp neighbors 10.10.10.1 | include BGP state|Flags
BGP state = Established, up for 00:01:38
Flags: active open, nagle, md5
We will change the BGP password at one of the routers for testing:
R2(config)#router bgp 200
R2(config-router)#neighbor 10.10.10.1 password PASSWORD2
R2(config-router)#end
R2#clear ip bgp *
%BGP-5-ADJCHANGE: neighbor 10.10.10.1 Down User reset
%TCP-6-BADAUTH: Invalid MD5 digest from 10.10.10.1(179) to 192.10.1.2(19999)
We understand that the passwords must be matched.
BGP authentication is provided through TCP Option 19, the MD5 hash.
We will use Cisco IOS routers in this example.Here is the basic BGP authentication configurations:
on R1:
router bgp 100
neighbor 10.10.10.2 remote-as 200
neighbor 10.10.10.2 password PASSWORD1
on R2:
router bgp 200
neighbor 10.10.10.1 remote-as 100
neighbor 10.10.10.1 password PASSWORD1
R2#show ip bgp neighbors 10.10.10.1 | include BGP state|Flags
BGP state = Established, up for 00:01:38
Flags: active open, nagle, md5
We will change the BGP password at one of the routers for testing:
R2(config)#router bgp 200
R2(config-router)#neighbor 10.10.10.1 password PASSWORD2
R2(config-router)#end
R2#clear ip bgp *
%BGP-5-ADJCHANGE: neighbor 10.10.10.1 Down User reset
%TCP-6-BADAUTH: Invalid MD5 digest from 10.10.10.1(179) to 192.10.1.2(19999)
We understand that the passwords must be matched.
No comments:
Post a Comment