Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11980
Views
0
Helpful
3
Replies

BGP Password

Go to solution
kramer977
Level 1
Level 1

‎08-23-2019 08:17 PM

Hi everyone,

I'm configuring eBGP and attempted to establish neighbours with the use of a password (password 7).   I have service password-encryption enabled on the router.  I used a random combination of letters and numbers (26 characters) and I got the error - Invalid Encrypted Password.  I believe it's denying it because I'm trying to use an encrypted password when it's trying to see a plain text password in order for the router to encrypt, correct?

My question is, what is the best approach when configuring the BGP password 7? What type of password or phrase would be accepted and what are the limitations? Also, when exchanging the password on the other end (bgp speaker), would the other router type in when configuring the neighbour? Which password is exchanged, the post encrypted password or the passphrase?

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP

‎08-24-2019 12:56 AM

Hello,

 

you cannot enter a level 7 password in cleartext, level 7 expects an encrypted string. To give you an example, in order to enter ´ciscorouter´ as an encrypted string, you first have to find out what the encrypted string looks like, once you know that, you can enter that string:

 

Try the following in order to see how it works:

 

Type ´enable password 0 ciscorouter´ and then enable ´service password-encryption´. Write down the encrypted string you see in your configuration.

 

enable password 7 110A1016141D1903113E2E36

 

Then use that string for the BGP neighbor:

 

neighbor x.x.x.x password 7 110A1016141D1903113E2E36

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Martin L
VIP
VIP

‎08-23-2019 09:06 PM - edited ‎08-23-2019 09:48 PM


usually ISP give u password phrase to type in. if they tell you password, you type in plain password, without 7, but if they give u text to past in with "7" in there, like password 7 151F0A1E102325272120362D10041F06 , copy and paste password 7 string. note : you need service password-encryption to be on. this service tells router how to store password in nvram; encrypted or not. With on, u cannot clearly read password in show run; 


I believe password length is 25 characters or less. Router will give u an error if u type too long password. (may depends on ios and model versions)

I think Routers exchange MD5 hash of your password 

 

Regards, ML
**Please Rate All Helpful Responses **

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎08-24-2019 12:56 AM

Hello,

 

you cannot enter a level 7 password in cleartext, level 7 expects an encrypted string. To give you an example, in order to enter ´ciscorouter´ as an encrypted string, you first have to find out what the encrypted string looks like, once you know that, you can enter that string:

 

Try the following in order to see how it works:

 

Type ´enable password 0 ciscorouter´ and then enable ´service password-encryption´. Write down the encrypted string you see in your configuration.

 

enable password 7 110A1016141D1903113E2E36

 

Then use that string for the BGP neighbor:

 

neighbor x.x.x.x password 7 110A1016141D1903113E2E36

0 Helpful

Go to solution
kramer977
Level 1
Level 1
In response to Georg Pauwen

‎08-24-2019 04:39 AM

Thanks, this is exactly what I did and worked flawless.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card