Orbit-Computer Solutions.Com

Computer Training & CCNA Networking Solutions
Chika Nwokeoma, EzineArticles.com Basic Author
 
 
 
 

How To Authenticate MD5 for BGP Peers

You can authenticate your BGP peer connections to help prevent interference with your routing tables.
BGP includes an MD5-based mechanism for authenticating peer relationships.
To enable MD5 authentication for BGP peers, use the following command in BGP router configuration mode:
 neighbor {ip-address | peer-group-name} password string
We use the network topology below as an example.
 
Figure: BGP Peers Authentication
 
 
 
RHQ#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
RHQ(config)#router bgp 3500
RHQ(config-router)#neighbor 10.10.10.2 remote-as 3501
RHQ(config-router)#neighbor 10.10.10.2 password orbitA1F173D24
RHQ(config-router)#end
RHQ#
 
The same authentication password must be configured on both routers:

RBRANCH#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
RBRANCH(config)#router bgp 3501
RBRANCH(config-router)#neighbor 10.10.10.1 remote-as 3500
RBRANCH(config-router)#neighbor 10.10.10.1 password orbitA1F173D24
RBRANCH(config-router)#end
RBRANCH#
 
 
Border Gateway Protocol (BGP) routing peers can be configured to use the Message Digest 5 (MD5) algorithm to support routing authentication. MD5 authentication is a standard part of BGP Version 4 that was introduced in RFC 2385. When MD5 authentication is enabled on BGP peers, every Transmission Control Protocol (TCP) segment exchanged between the peers is verified. Both peers must be configured with the same password for the BGP neighbor relationship to be established.
 
BGP authentication can be very useful because it makes it more difficult for an unauthorized or malicious user to disrupt your network routing tables. It becomes even more difficult when the router has the service password-encryption global configuration command enabled, which makes the router store the password using the Cisco proprietary type 7 encryption. Type 7 is a reversible encoding, so it guards against casual viewing of the configuration rather than against someone who obtains the configuration file:

!
router bgp 3500
neighbor 10.10.10.2 remote-as 3501
neighbor 10.10.10.2 password 7 15020A1F173D24362C7E64704053
!
 
With authentication of this type, a network attack is considerably more difficult. This is because the attacker must not only get the TCP sequence numbers right, but must also insert the correct encrypted authentication key.
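
The per-segment check described above, as an added Python example (not from the original article or from Cisco): it computes the RFC 2385 digest over the TCP pseudo-header, the fixed TCP header with a zeroed checksum, the payload and the password, then shows the receiving peer accepting or dropping the segment. The ports, sequence numbers and KEEPALIVE segment are constructed sample values; the addresses and password are the ones used in the article.

```python
import hashlib
import hmac
import socket
import struct

MD5_OPT_LEN = 20  # option kind 19, length 18 (16-byte digest), padded to 4-byte boundary

def build_header(sport, dport, seq, ack, flags, window):
    """Fixed 20-byte TCP header; checksum and urgent pointer left at zero."""
    offset = (20 + MD5_OPT_LEN) // 4          # header length in 32-bit words
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       offset << 4, flags, window, 0, 0)

def tcp_md5_digest(src_ip, dst_ip, header, payload, password):
    """RFC 2385: MD5(pseudo-header | TCP header sans options, checksum 0 | data | key)."""
    seg_len = 20 + MD5_OPT_LEN + len(payload)  # full TCP segment length
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    fixed = header[:16] + b"\x00\x00" + header[18:20]   # force checksum to zero
    return hashlib.md5(pseudo + fixed + payload + password.encode()).digest()

def receiver_accepts(src_ip, dst_ip, header, payload, digest, local_password):
    """The receiving peer recomputes the digest with its own key and compares."""
    expected = tcp_md5_digest(src_ip, dst_ip, header, payload, local_password)
    return hmac.compare_digest(expected, digest)

# Constructed sample: RHQ (10.10.10.1) sends a BGP KEEPALIVE to RBRANCH (10.10.10.2).
RHQ, RBRANCH = "10.10.10.1", "10.10.10.2"
PASSWORD = "orbitA1F173D24"                      # the password used in the article
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)   # marker, length 19, type 4
HEADER = build_header(50000, 179, 1000, 2000, 0x18, 16384)   # PSH+ACK, sample values
DIGEST = tcp_md5_digest(RHQ, RBRANCH, HEADER, KEEPALIVE, PASSWORD)

def demo():
    shifted = build_header(50000, 179, 1001, 2000, 0x18, 16384)  # sequence number changed
    bad_data = KEEPALIVE[:-1] + b"\x01"                          # one payload byte changed
    return {
        "same password": receiver_accepts(RHQ, RBRANCH, HEADER, KEEPALIVE, DIGEST, PASSWORD),
        "different password": receiver_accepts(RHQ, RBRANCH, HEADER, KEEPALIVE, DIGEST, "wrongkey"),
        "altered payload": receiver_accepts(RHQ, RBRANCH, HEADER, bad_data, DIGEST, PASSWORD),
        "altered sequence": receiver_accepts(RHQ, RBRANCH, shifted, KEEPALIVE, DIGEST, PASSWORD),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:20s} -> {'accepted' if ok else 'dropped'}")
```

Because the digest covers the sequence number and the payload as well as the key, a segment is dropped when any of the three differs from what the receiver computes.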
 


 
(c) Copyright 2012. Orbit-Computer-Solutions.Com. All rights reserved.