BGP Neighbors Configured With Weak Passwords

ksenetwork
Level 1

We need to upgrade our Type-7 authentication to MD5 authentication; our IT audit team needs us to change it.

 

Workaround:

I configured the following commands on my internet router:

router bgp 58974
 neighbor 119.63.129.201 password xxxxxx
 neighbor 119.63.129.201 version 4
 neighbor 119.63.131.157 password xxxxxx
 neighbor 119.63.131.157 version 4

 

But when I had entered these commands and the BGP peers had synced with each other, I saved the commands and saw this on my router:

 

router bgp 58974
 neighbor 119.63.129.201 password 7 xxxxxx
 neighbor 119.63.131.157 password 7 xxxxxx

 

How do I enable MD5 authentication on both routers?

 

Cisco Router: ISR 4400

Cisco IOS Version: 15.4

Regards,

Salman Ahmed

noc@kse.com.pk

 

1 Reply

What you configured *is* MD5 authentication. But the hashing is done for the transfer over the wire, not for local storage. On the local router, the password cannot be stored as a hash, as the router needs the password in plaintext for the MD5 hash function.

All you can do is to configure the "hiding" of passwords (aka service password-encryption) as you did and use a long (up to 25 characters) password.

For sure, Cisco could implement a real password encryption as it's done with pre-shared-keys for VPNs, but probably no (really important) customer asked for that before.
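
The reply's point, that the MD5 digest is computed per TCP segment from the shared key (the TCP MD5 signature option, RFC 2385), shown as an added Python example that is not part of the original thread or Cisco's code. The addresses, ports, key and KEEPALIVE payload are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

MD5SIG_KIND, MD5SIG_LEN = 19, 18  # TCP option kind/length from RFC 2385

def rfc2385_digest(src, dst, segment, key):
    """MD5 over pseudo-header, fixed TCP header (checksum zeroed, options
    excluded), segment data, then the shared key, in that order."""
    fixed = bytearray(segment[:20])
    fixed[16:18] = b"\x00\x00"
    data = segment[(segment[12] >> 4) * 4:]
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, 6, len(segment)))
    return hashlib.md5(pseudo + bytes(fixed) + data + key).digest()

def sign_segment(src, dst, sport, dport, seq, payload, key):
    """Sender side: build a 40-byte header (data offset 10) carrying the option."""
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 10 << 4, 0x18, 65535, 0, 0)
    unsigned = fixed + b"\x01\x01" + bytes([MD5SIG_KIND, MD5SIG_LEN]) + bytes(16) + payload
    mac = rfc2385_digest(src, dst, unsigned, key)
    return unsigned[:24] + mac + payload

def verify_segment(src, dst, segment, key):
    """Receiver side: find option 19 and recompute the digest with the local key."""
    opts, i = segment[20:(segment[12] >> 4) * 4], 0
    while i < len(opts) and opts[i] != 0:          # kind 0 = end of option list
        if opts[i] == 1:                           # kind 1 = NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:  # malformed option length
            return False
        if opts[i] == MD5SIG_KIND and opts[i + 1] == MD5SIG_LEN:
            expected = rfc2385_digest(src, dst, segment, key)
            return hmac.compare_digest(opts[i + 2:i + 18], expected)
        i += opts[i + 1]
    return False                                   # unsigned segments are rejected

# Constructed sample: documentation addresses, made-up key, BGP KEEPALIVE payload.
LOCAL, PEER = "192.0.2.1", "192.0.2.2"
KEY = b"constructed-example-key"
HASH_ONLY_KEY = hashlib.md5(KEY).digest()  # what a peer would hold if it stored only a hash
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)
SEGMENT = sign_segment(LOCAL, PEER, 49152, 179, 1000, KEEPALIVE, KEY)

if __name__ == "__main__":
    print("same key:", verify_segment(LOCAL, PEER, SEGMENT, KEY))
    print("hash-only peer:", verify_segment(LOCAL, PEER, SEGMENT, HASH_ONLY_KEY))
```

The key is the last input to every digest, so each peer has to be able to recover it in the clear for every segment it sends or checks.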