11-02-2009 08:16 AM - edited 03-04-2019 06:34 AM
Hi,
When I configured iBGP peering with "nei 1.1.1.2 password cisco", I got output saying there is no MD5 authentication from 1.1.1.2, but when I configured the neighborship on 1.1.1.2 with "nei 1.1.1.1 pass 7 030752180500" (030752180500 is the encrypted key in the running config of 1.1.1.1), the neighborship is established without any issue.
My query is: if I am able to use this encrypted key to establish the neighborship, then what is the use of this authentication?
Please help.
11-02-2009 09:41 AM
The key you've illustrated was generated by the service password-encryption command.
This command is primarily useful for keeping unauthorized individuals from viewing your password in your configuration file.
The MD5 authentication occurs on the wire during the BGP peering exchange, and the only option to peer with BGP while having the password is MD5; there isn't any simple text authentication.
Regards
Edison.
11-02-2009 09:56 AM
Dear Mr. Edison,
All you say is correct, but my basic question is: if any unauthorized router can become a neighbor with the encrypted password without knowing the real password, then what is the use of that encrypted password, as anyone can become a neighbor by using this encrypted password?
Thanks and regards,
Sourabh
11-02-2009 10:35 AM
I addressed your question.
The encrypted password above is the same as 'cisco' in non-encrypted form.
The neighbors must have the same password in order for the peering to come up.
While one neighbor has 'cisco' and the other one has the encrypted password of 'cisco', they will both send the same password and the MD5 algorithm will produce the same result on the hash.
BTW, with BGP you need to configure the neighbor at both ends. An unauthorized router can't peer with you unless you peer back to them.
The password will help prevent the BGP packet from being sniffed while traversing unprotected hops.
Regards
Edison.
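Added example, not part of the original posts: a Python sketch of why "pass 7 030752180500" and "password cisco" configure the same key, and what TCP MD5 (RFC 2385) then does with it. The XLAT table is the widely published type 7 constant; the TCP segment values (ports, sequence number, window) are constructed for illustration.

```python
import hashlib
import socket
import struct

# Widely published constant table behind IOS "type 7" (service password-encryption).
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_decode(encoded: str) -> str:
    """Reverse type 7: two decimal digits give the table offset, the rest is
    hex bytes XORed with the table. No secret is involved, so it is encoding."""
    offset = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ XLAT[(offset + i) % len(XLAT)] for i, b in enumerate(data))
    return plain.decode("ascii")


def tcp_md5_digest(src, dst, base_header, segment_len, payload, key):
    """RFC 2385 digest: pseudo-header, TCP header without options and with a
    zero checksum, segment data, then the key. Only the digest is transmitted."""
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst)
    pseudo += struct.pack("!BBH", 0, socket.IPPROTO_TCP, segment_len)
    return hashlib.md5(pseudo + base_header + payload + key.encode()).hexdigest()


def demo():
    # Constructed SYN from 1.1.1.1 to 1.1.1.2 port 179; data offset 10 words
    # (20-byte base header + 18-byte MD5 option + 2 bytes padding), checksum 0.
    hdr = struct.pack("!HHIIBBHHH", 11000, 179, 1000, 0, 10 << 4, 0x02, 16384, 0, 0)
    args = ("1.1.1.1", "1.1.1.2", hdr, 40, b"")
    typed_plain = tcp_md5_digest(*args, "cisco")
    typed_type7 = tcp_md5_digest(*args, type7_decode("030752180500"))
    wrong_key = tcp_md5_digest(*args, "Cisco")
    return typed_plain, typed_type7, wrong_key


if __name__ == "__main__":
    a, b, c = demo()
    print("decoded key     :", type7_decode("030752180500"))
    print("peers agree     :", a == b)
    print("wrong key agrees:", a == c)
```

Because the type 7 string is a reversible encoding of the key itself, a running config that contains it should be handled with the same care as the plaintext password.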
11-02-2009 10:47 AM
Sourabh,
You cannot establish a neighbor relationship with a peer if you do not know what the password is. Try this with 2 routers:
1. Establish a BGP session between router A and router B.
2. Make sure that the BGP neighbors are in established mode by issuing the "sh ip bg nei" command.
3. On router A, add a password to the neighbor, use the above command, and watch it go from established to active.
4. Add the same exact password to router B, or delete the password on router A, and watch it go back from active to established.
HTH
Reza