Wednesday, January 7, 2009

Managing BGP Connections

I went through setting up BGP neighbor description & BGP neighbor passwords.

BGP Neighbor Description

The BGP Neighbor Description is just for your use to understand in a later point of time what you are dealing with & is very simple to configure;

R0(config)#ip routing
R0(config)#router bgp 100
R0(config-router)#neigh 10.1.10.1 remote-as 101
R0(config-router)#neigh 10.1.10.1 description connected to right side router
R0(config-router)#end

R0(config)#ip routing
R0(config)#router bgp 100
R0(config-router)#neigh 10.1.10.1 remote-as 101
R0(config-router)#neigh 10.1.10.1 desc
R0(config-router)#neigh 10.1.10.1 description connected to right side router
R0(config-router)#end

BGP Neighbor Password

Setting a password is also very simple & neat. Al you do is set the password & poof you have secure BGP connections. MD5 hashing is used.


R0(config-if)#router bgp 100
R0(config-router)#neighbor 10.1.10.1 password cisco
R0(config-router)#end
R0#
*Mar 1 00:31:12.555: %SYS-5-CONFIG_I: Configured from console by console
R0#
R0#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R0(config)#int s0/0
R0(config-if)#no shut
R0(config-if)#end
R0#
*Mar 1 00:31:54.275: %SYS-5-CONFIG_I: Configured from console by console
R0#
*Mar 1 00:31:55.835: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
R0#
*Mar 1 00:31:56.839: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
*Mar 1 00:32:07.711: %BGP-5-ADJCHANGE: neighbor 10.1.10.1 Up
R0#
*Mar 1 00:33:08.375: %TCP-6-BADAUTH: Invalid MD5 digest from 10.1.10.1(179) to 10.1.10.100(12605)
*Mar 1 00:33:10.055: %TCP-6-BADAUTH: Invalid MD5 digest from 10.1.10.1(179) to 10.1.10.100(12605)
*Mar 1 00:33:13.135: %TCP-6-BADAUTH: Invalid MD5 digest from 10.1.10.1(179) to 10.1.10.100(12605)
*Mar 1 00:33:19.275: %TCP-6-BADAUTH: Invalid MD5 digest from 10.1.10.1(179) to 10.1.10.100(12605)
R0#

The message keeps popping until the other side is configured with the same password.
An interesting thing to note was that space is accepted in the password. so be careful when you issue a ? to see further options. i hit the point where a BGP notification was sent even though the password matched or @least appeared to have matched that's when I realized is had checked for context sensitive help & left a space in the end :)
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Top 7 popular posts on cciedash !

  • CCIE Storage Retired
    With the advent of the much awaited CCIE Data Center certification, the CCIE Storage certification is being retired. The official announcem...
  • OEQ reach end of road
    Finally after a year of terrorizing the ccie world cisco has finally made a move to remove the OEQ a.k.a Core knowledge section from the ...
  • Breezed through layer 2 & other sections
    I breezed through the layer 2 section. Switching & frame relay is done. Only th catalyst side of qos is pending. HSRP/VRRP is also done....
  • Finally ... Through With Multicast Theory !!
    Alright, Finally I am done with the multicast theory. Only the "Anycast" theory is still pending. I thought I will breeze through ...
  • Protecting Against the Rampant Conficker Worm
    Protecting Against the Rampant Conficker Worm Posted using ShareThis
  • Trying out Multicasting !!
    Alright its finally time for me to play around with multicasting :) First off I tried configuring PIM-Dense mode, pretty simple & straig...
  • Happy New Year 2017
    Wishing all my friends , followers and fellow readers a very happy and prosperous new year 2017