Cisco BGP-4 Command and Configuration Handbook


8-18 neighbor {ip-address | peer-group-name} password password

Syntax Description:

  • ip-address Neighbor's IP address.

  • peer-group-name Name of the peer group. See section 8-19.

  • password Case-sensitive password. The length of the password can be up to 80 characters. The first character of the password cannot be a number. The password can contain any alphanumeric characters, including spaces. For operational reasons, do not use a space after a number.

Purpose: To enable Message Digest 5 (MD5) authentication on a TCP connection between two BGP peers.

Cisco IOS Software Release: 11.0

Configuration Example: Enabling MD5 Authentication on a TCP Connection Between BGP Peers

The network shown in Figure 8-18 is used to demonstrate password configuration between neighbors.

Figure 8-18. Authentication of a BGP Connection

Router A

    router bgp 1
     neighbor 10.1.1.2 remote-as 2
     neighbor 10.1.1.2 password cisco

Router B

    router bgp 2
     neighbor 10.1.1.1 remote-as 1
     neighbor 10.1.1.1 password cisco

When a password is configured on the first neighbor, the BGP connection is terminated. When the password on the second neighbor is configured, the BGP session is reestablished.

Verification

Verification is easy. If the neighbors are in the Established state, authentication is working.

Troubleshooting

  1. Verify that the BGP neighbors are in the Established state using the show ip bgp neighbors command.

    If the neighbor relationship is not in the Established state, see section 8-23.

  2. If the neighbors are not in the Established state, there are two possibilities. Either one neighbor has not been configured with a password, or there is a password mismatch between the neighbors.

    If only one neighbor has a password configured, you see a message similar to the following:

    1d15h: %TCP-6-BADAUTH: No MD5 digest from 10.1.1.1:179 to 10.1.1.2:11028

    If there is a password mismatch, the following message is generated:

    1d15h: %TCP-6-BADAUTH: Invalid MD5 digest from 10.1.1.1:11018 to 10.1.1.2:179
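The two messages above can be told apart automatically when syslog is collected from many routers. The following Python sketch is an added example, not part of the handbook: it parses %TCP-6-BADAUTH lines and reports, per peer pair, whether the cause is a missing password or a mismatch. The function names and the sample list are assumptions made for illustration, and it assumes the router that logged the message is the "to" address.

```python
import re
from collections import Counter

# Matches the two %TCP-6-BADAUTH variants shown in the troubleshooting steps.
BADAUTH = re.compile(
    r"%TCP-6-BADAUTH: (?P<kind>No|Invalid) MD5 digest "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"to (?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)

# Interpretation per the handbook: "No" means only one side has a password,
# "Invalid" means both sides have one but they differ.
DIAGNOSIS = {
    "No": "sender has no password configured",
    "Invalid": "password mismatch",
}

def classify(line):
    """Return a dict describing one BADAUTH line, or None if it is not one."""
    m = BADAUTH.search(line)
    if not m:
        return None
    sport, dport = int(m["sport"]), int(m["dport"])
    return {
        "sender": m["src"],
        "receiver": m["dst"],              # assumed to be the logging router
        "bgp": 179 in (sport, dport),      # BGP uses TCP port 179 on one end
        "diagnosis": DIAGNOSIS[m["kind"]],
    }

def summarize(lines):
    """Count BGP BADAUTH events per (sender, receiver, diagnosis)."""
    counts = Counter()
    for line in lines:
        ev = classify(line)
        if ev and ev["bgp"]:
            counts[(ev["sender"], ev["receiver"], ev["diagnosis"])] += 1
    return counts

# Constructed sample: the two messages from this section, one repeated
# mismatch on a new source port, and one unrelated line.
SAMPLE = [
    "1d15h: %TCP-6-BADAUTH: No MD5 digest from 10.1.1.1:179 to 10.1.1.2:11028",
    "1d15h: %TCP-6-BADAUTH: Invalid MD5 digest from 10.1.1.1:11018 to 10.1.1.2:179",
    "1d15h: %TCP-6-BADAUTH: Invalid MD5 digest from 10.1.1.1:11019 to 10.1.1.2:179",
    "1d15h: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Up",
]

if __name__ == "__main__":
    for (snd, rcv, diag), n in summarize(SAMPLE).items():
        print(f"{rcv} rejected {n} segment(s) from {snd}: {diag}")
```

A steady count of "password mismatch" events from a configured neighbor points at a key rollover done on one side only; the same events from an address that is not a configured neighbor deserve a closer look.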
