BGP Neighbor Authentication Overview
BGP neighbor authentication establishes a neighbor only with a legitimate BGP router. Originally, BGP requires neighbors to explicitly configure each other as neighbors. Therefore, other routers will not become neighbors on their own if they are not authenticated like OSPF or EIGRP. However, authentication of BGP neighbors is important for establishing secure neighbors.
Configuring BGP Neighbor Authentication
Authentication for BGP neighbors is very simple. The command is as follows.
Router(config)#router bgp <AS>
Router(config-router)#neighbor <ip-address> password <password>
<AS>:AS number
<ip-address>:Neighbor IP address
<password>: case-sensitive password
Example of BGP neighbor authentication configuration
Configure neighbor authentication with the following network diagram.
R1およびISP1でネイバー認証の設定を行います。
R1 BGP neighbor authentication
router bgp 100 neighbor 172.16.1.11 password n-study
ISP1 neighbor authentication
router bgp 1 neighbor 172.16.1. 1 password n-study
If the state of the neighbor is Established, the authentication is working correctly. There are two ways in which authentication can go wrong
- Only one of them has the neighbor password command configured.
The following message is displayed
*Mar 1 00:19:16.960: %TCP-6-BADAUTH: No MD5 digest from 172.16.1.11(179) to 172.16.1.1(11000) (RST) - The password that is configured does not match.
The following message is displayed
*Mar 1 00:27:54.015: %TCP-6-BADAUTH: Invalid MD5 digest from 172.16.1.11(179) to 172.16.1.1(11002)
This is not limited to BGP neighbor authentication, but when configuring a password, be careful not to include a space at the end of the string.
Related articles