Simple
Supports Message Digest 5 (MD5) algorithm
Not mandatory
If used, both peers must have the same password to form the BGP neighborship.
R1
==============
config t
hostname R1
int eth1/0
ip add 12.1.1.1 255.255.255.0
no shut
exit
exit
config t
int loopback 0
ip add 1.1.1.1 255.255.255.255
exit
exit
config t
ip route 2.2.2.2 255.255.255.255 eth1/0
R2
==============
config t
hostname R2
int eth1/0
ip add 12.1.1.2 255.255.255.0
no shut
exit
exit
config t
int loopback 0
ip add 2.2.2.2 255.255.255.255
exit
exit
config t
ip route 1.1.1.1 255.255.255.255 eth1/0
BGP Configuration
=====================
R1
====
config t
router bgp 100
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 update-source loopback 0
neighbor 2.2.2.2 ebgp-multihop 255
neighbor 2.2.2.2 soft-reconfiguration in
exit
exit
R2
====
config t
router bgp 200
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source loopback 0
neighbor 1.1.1.1 ebgp-multihop 255
neighbor 1.1.1.1 soft-reconfiguration in
exit
exit
BGP Authentication Configuration
==================================
R1
====
R1(config)#
R1(config)#router bgp 100
R1(config-router)#neighbor 2.2.2.2 password ?
<0-7> Encryption type (0 to disable encryption, 7 for proprietary)
LINE The password
R1(config-router)#neighbor 2.2.2.2 password cisco123
R1(config-router)#exit
R1(config)#
R1(config)#exit
*Mar 13 14:09:37.667: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(33269) to 1.1.1.1(179) tableid - 0
*Mar 13 14:09:39.663: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(33269) to 1.1.1.1(179) tableid - 0
*Mar 13 14:09:43.671: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(33269) to 1.1.1.1(179) tableid - 0
*Mar 13 14:09:51.671: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(33269) to 1.1.1.1(179) tableid - 0
Let's quickly configure it on R2 as well
R2
====
config t
router bgp 200
neighbor 1.1.1.1 password cisco123
exit
After configuration the neighborship is now up
Logs on R1
=================
*Mar 13 14:12:31.591: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(27868) to 1.1.1.1(179) tableid - 0
*Mar 13 14:12:39.591: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(27868) to 1.1.1.1(179) tableid - 0
*Mar 13 14:13:01.599: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Up
R1#sh ip bgp summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 200 4 5 1 0 0 00:00:48 0
Now I have configured a wrong password on R2
R2(config)#router bgp 200
R2(config-router)#neighbor 1.1.1.1 password cisco
R2(config-router)#exit
R2(config)#exit
Logs on R1
=================
*Mar 13 14:17:13.019: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(27879) to 1.1.1.1(179) tableid - 0
*Mar 13 14:17:35.879: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(20365) to 1.1.1.1(179) tableid - 0
*Mar 13 14:17:37.879: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(20365) to 1.1.1.1(179) tableid - 0
*Mar 13 14:17:40.219: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(179) to 1.1.1.1(13155) tableid - 0
*Mar 13 14:17:41.879: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(20365) to 1.1.1.1(179) tableid - 0
R1#sh ip bgp summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 200 0 0 1 0 0 00:01:07 Active
R2#sh ip bgp sum
BGP router identifier 2.2.2.2, local AS number 200
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 100 0 0 1 0 0 00:02:15 Active
Now let's switch back and correct the password, and the neighborship is up
R2#sh ip bgp sum
BGP router identifier 2.2.2.2, local AS number 200
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 100 4 4 1 0 0 00:00:05 0
R1#sh run | section bgp
router bgp 100
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 password cisco123
neighbor 2.2.2.2 ebgp-multihop 255
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 soft-reconfiguration inbound
R2#sh run | sec bgp
router bgp 200
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 password cisco123
neighbor 1.1.1.1 ebgp-multihop 255
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 version 4
neighbor 1.1.1.1 soft-reconfiguration inbound
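The R1 logs above show two patterns: BADAUTH messages that stop once the neighbor comes Up (password rollout in progress) and BADAUTH messages that continue with no Up (a real password mismatch). The following is an added example, not part of the original post, that separates the two from syslog text; the function name triage, the threshold of 3 and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: R1 log lines in the format shown on this page.
SAMPLE_LOG = """\
*Mar 13 14:12:31.591: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(27868) to 1.1.1.1(179) tableid - 0
*Mar 13 14:12:39.591: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(27868) to 1.1.1.1(179) tableid - 0
*Mar 13 14:13:01.599: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Up
*Mar 13 14:17:35.879: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(20365) to 1.1.1.1(179) tableid - 0
*Mar 13 14:17:40.219: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(179) to 1.1.1.1(13155) tableid - 0
*Mar 13 14:17:41.879: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(20365) to 1.1.1.1(179) tableid - 0
"""

# Address/port pairs as printed in the log: "from A(p) to B(q)".
BADAUTH = re.compile(r"%TCP-6-BADAUTH: .*? from ([\d.]+)\((\d+)\) to ([\d.]+)\((\d+)\)")
ADJ_UP = re.compile(r"%BGP-5-ADJCHANGE: neighbor ([\d.]+) Up")
BGP_PORT = 179


def _new():
    return {"failures": 0, "peer_initiated": 0, "local_initiated": 0}


def triage(log_text, threshold=3):
    """Count BADAUTH events per peer since that peer's last 'Up' event."""
    peers = defaultdict(_new)
    for line in log_text.splitlines():
        up = ADJ_UP.search(line)
        if up:
            # Session established: earlier failures were a transient mismatch.
            peers[up.group(1)] = _new()
            continue
        bad = BADAUTH.search(line)
        if not bad:
            continue
        src_ip, src_port, _dst_ip, dst_port = bad.groups()
        entry = peers[src_ip]
        entry["failures"] += 1
        if int(dst_port) == BGP_PORT:      # peer opened the TCP session to us
            entry["peer_initiated"] += 1
        elif int(src_port) == BGP_PORT:    # peer's reply to a session we opened
            entry["local_initiated"] += 1
    for entry in peers.values():
        # threshold is an assumed cut-off, tune it to your retry timers
        entry["state"] = "auth-mismatch" if entry["failures"] >= threshold else "ok"
    return dict(peers)


if __name__ == "__main__":
    for peer, info in triage(SAMPLE_LOG).items():
        print(peer, info)
```
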
Thanks for Reading !!!!
amartechstuff