Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
934
Views
5
Helpful
7
Replies

BGP Authentication with two RR routers

Go to solution
msaltunsaray
Level 1
Level 1

‎05-02-2018 05:25 AM - edited ‎03-05-2019 10:22 AM

Hi guys,

 

Can anyone tell me that how do we configure BGP authentication with two RR routers?

 

Same AS, IBGP peering...

 

My RRs are 7301.

 

Thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio E. Moisa
VIP
VIP
In response to msaltunsaray

‎05-02-2018 06:14 AM - edited ‎05-02-2018 06:18 AM

Hi,

That is great, yes if you apply the authentication into the template it will be applied to all the peers involved into the template, now my suggestion is do that into an authorized maintenance windows because you could lose connectivity with remote peers. 

 

Please check this link:

http://hackingcisco.blogspot.com/2011/05/lab-137-bgp-peer-templates.html

 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Julio E. Moisa
VIP
VIP

‎05-02-2018 05:27 AM - edited ‎05-02-2018 05:28 AM

Hi

The authentication method between to BGP peers is using the command: password, for example:

router bgp 100

neighbor 1.1.1.1 remote-as 100

neighbor 1.1.1.1 password CISCO.

 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Go to solution
msaltunsaray
Level 1
Level 1
In response to Julio E. Moisa

‎05-02-2018 05:31 AM

Actually I meant to do this with RR.

Is the configuration same?

0 Helpful

Go to solution
Julio E. Moisa
VIP
VIP
In response to msaltunsaray

‎05-02-2018 05:33 AM - edited ‎05-02-2018 05:34 AM

Hi,

Yes, it is the same, there is no other way to authenticate BGP peers. 

If you are using address-family is the same way as well. 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Go to solution
msaltunsaray
Level 1
Level 1
In response to Julio E. Moisa

‎05-02-2018 05:37 AM

Is there a way to configure it under cluster instead configuring for each peering?

0 Helpful

Go to solution
Julio E. Moisa
VIP
VIP
In response to msaltunsaray

‎05-02-2018 05:41 AM - edited ‎05-02-2018 05:43 AM

Yes, there is a way but if you are already using Peer-groups or templates, for example:

Imagine you are creating the initial configuration for your iBGP peerings:

 

RR server

 

router bgp 1

no syn

no auto-summary

neighbor PEER peer-group

neighbor PEER remote-as 1

neighbor PEER password CISCO

neighbor PEER route-reflector-client

neighbor PEER update-source loopback0

neighbor 1.1.1.1 peer-group PEER

neighbor 2.2.2.2 peer-group PEER

neighbor 3.3.3.3 peer-group PEER

 

Now each RR client must create the peering with the RR server with the same password, peer-groups is not required on the client unless you have more than one RR Server in order to avoid many lines.

 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Go to solution
msaltunsaray
Level 1
Level 1
In response to Julio E. Moisa

‎05-02-2018 06:01 AM

I have "template peer session IBGP"

 

template peer-session IBGP
remote-as XXX
description IBGP Peerings
update-source Loopback0
exit-peer-session
!

If I write authentication under this template, would it be done for all my IBGP peers?

 

 

0 Helpful

Go to solution
Julio E. Moisa
VIP
VIP
In response to msaltunsaray

‎05-02-2018 06:14 AM - edited ‎05-02-2018 06:18 AM

Hi,

That is great, yes if you apply the authentication into the template it will be applied to all the peers involved into the template, now my suggestion is do that into an authorized maintenance windows because you could lose connectivity with remote peers. 

 

Please check this link:

http://hackingcisco.blogspot.com/2011/05/lab-137-bgp-peer-templates.html

 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card