Enabling MD5 Authentication on a TCP Connection
You can use the neighbor password command to enable MD5 authentication on a TCP
connection between two BGP peers. Enabling MD5 authentication causes each segment
sent on the TCP connection between them to be verified.
You must configure MD5 authentication with the same password on both BGP peers;
otherwise, the router does not make the connection between the BGP peers.
The MD5 authentication feature uses the MD5 algorithm. When you specify this command,
the router generates and checks the MD5 digest on every segment sent on the TCP
connection.
In the following example, the password is set to “opensesame”:
host1(config)#router bgp 100
host1(config-router)#neighbor 2.2.2.2 password opensesame
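To make concrete what “generates and checks the MD5 digest on every segment” means, the following is an added Python example (not from the Juniper documentation) of the TCP MD5 Signature Option (RFC 2385) that BGP MD5 authentication uses: the sender hashes the IPv4 pseudo-header, the fixed TCP header with a zero checksum, the payload and the shared password into a 16-byte option, and the receiver recomputes it with its own configured password. The addresses, ports and BGP payload are constructed sample values.

```python
import hashlib, hmac, socket, struct

def tcp_md5_signature(src_ip, dst_ip, tcp_header, payload, password):
    """16-byte digest over: IPv4 pseudo-header, the 20-byte fixed TCP header with
    checksum zeroed (options excluded), segment data, then the shared key."""
    fixed = bytearray(tcp_header[:20])
    fixed[16:18] = b"\x00\x00"                     # checksum assumed zero
    tcp_len = len(tcp_header) + len(payload)       # header incl. options + data
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len))
    return hashlib.md5(pseudo + bytes(fixed) + payload + password.encode()).digest()

def find_md5_option(tcp_header):
    """Walk TCP options; return the offset of the digest in the kind-19 option, or None."""
    i = 20
    while i < len(tcp_header):
        kind = tcp_header[i]
        if kind == 0:                              # End of Option List
            break
        if kind == 1:                              # NOP
            i += 1
            continue
        length = tcp_header[i + 1]
        if kind == 19 and length == 18:            # MD5 signature option
            return i + 2
        if length < 2:                             # malformed option, stop walking
            break
        i += length
    return None

def build_segment(sport, dport, seq, ack, flags):
    """Constructed sample header: 20 fixed bytes + MD5 option (18) + 2 NOPs = 40 bytes."""
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 10 << 4, flags, 65535, 0, 0)
    return fixed + bytes([19, 18]) + bytes(16) + b"\x01\x01"

def sign_segment(src_ip, dst_ip, tcp_header, payload, password):
    """Sender side: write the computed digest into the option and return the header."""
    off = find_md5_option(tcp_header)
    if off is None:
        raise ValueError("segment carries no MD5 signature option")
    digest = tcp_md5_signature(src_ip, dst_ip, tcp_header, payload, password)
    return tcp_header[:off] + digest + tcp_header[off + 16:]

def verify_segment(src_ip, dst_ip, tcp_header, payload, password):
    """Receiver side: recompute with the local password, compare in constant time."""
    off = find_md5_option(tcp_header)
    if off is None:                                # unsigned segment is rejected
        return False
    expected = tcp_md5_signature(src_ip, dst_ip, tcp_header, payload, password)
    return hmac.compare_digest(tcp_header[off:off + 16], expected)
```

Because the option bytes themselves are excluded from the hash, the digest can be computed before it is written into the header; a peer with a different password, or a segment whose payload or addresses were altered in transit, fails `verify_segment`, which is the condition the console messages described below report.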
The show ip bgp neighbors command does not reveal the password, but does indicate
whether MD5 authentication is configured for the session. The output of the show
configuration command varies as follows:
• If you use the 8 keyword to specify that the password is encrypted, then the output of
the show configuration command displays the text that you entered (the ciphertext
password).
• If you do not use the 8 keyword (that is, you use the 0 keyword or no encryption
keyword), and if the service password-encryption command has not been issued,
then the output of the show configuration command displays the text that you entered
(the plaintext password).
• If you do not use the 8 keyword (that is, you use the 0 keyword or no encryption
keyword) but the service password-encryption command has been issued, then the
output of the show configuration command displays an encrypted password that is
equivalent to the cleartext password that you entered.
neighbor password
• Use to enable MD5 authentication on a TCP connection between two BGP peers.
• If you configure a password for a neighbor, an existing session is torn down and a new
one established.
• If you specify a BGP peer group by using the peerGroupName argument, all the members
of the peer group inherit the characteristic configured with this command unless it is
overridden for a specific peer.
• If a router has a password configured for a neighbor, but the neighbor router does not,
a message indicating this condition appears on the console while the routers attempt
to establish a BGP session between them.
• Similarly, if the two routers have different passwords configured, a message appears
on the console indicating that this condition exists.
Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Configuring BGP Routing