The following task shows how to configure BGP dynamic neighbors using address range with Message Digest 5 (MD5) authentication.
Router# configure
Router(config)# router bgp as-number
Router(config-bgp)# neighbor address prefix
Router(config-bgp-nbr)# remote-as as-number
Router(config-bgp-nbr)# password {clear | encrypted} password
Router(config-bgp-nbr)# update-source interface
Router(config-bgp-nbr)# address-family ipv4 unicast
Router# commit
Running Configuration
Router# show running-config router bgp
router bgp 100
address-family ipv4 unicast
!
neighbor 12.12.12.0/24
remote-as 100
password encrypted 053816063349401D
update-source TenGigE0/0/0/5
address-family ipv4 unicast
!
!
!
Configuring EA Authentication
The following task shows how to configure the EA authentication.
Note |
Configuring EA authentication is a prerequisite for configuring BGP dynamic neighbors with EA authentication.
|
RP/0/RP0/CPU0:R1(config)#key chain bgp_ea
e
key-string bgp_ea_key
send-lifetimeRP/0/RP0/CPU0:R1(config-bgp_ea)# key 1
00:00:00 january 01 2019 infinite
cryptographiRP/0/RP0/CPU0:R1(config-bgp_ea-1)# accept-lifetime 00:00:00 january 01 2019 infinite
c-algorithm HMAC-SHA1-12
!RP/0/RP0/CPU0:R1(config-bgp_ea-1)# key-string bgp_ea_key
RP/0/RP0/CPU0:R1(config-bgp_ea-1)# send-lifetime 00:00:00 january 01 2019 infinite
RP/0/RP0/CPU0:R1(config-bgp_ea-1)# cryptographic-algorithm HMAC-SHA1-12
RP/0/RP0/CPU0:R1(config-bgp_ea-1)# !
RP/0/RP0/CPU0:R1(config-bgp_ea-1)#commit
RP/0/RP0/CPU0:Feb 27 10:10:13.371 UTC: config[66937]: %MGBL-CONFIG-6-DB_COMMIT : Configuration committed by user 'root'. Use 'show configuration commit changes 1000000198' to view the changes.
RP/0/RP0/CPU0:R1(config-bgp_ea-1)#end
RP/0/RP0/CPU0:Feb 27 10:10:14.146 UTC: config[66937]: %MGBL-SYS-5-CONFIG_I : Configured from console by root
RP/0/RP0/CPU0:R1#show running-config key chain
key chain bgp_ea
key 1
accept-lifetime 00:00:00 january 01 2019 infinite
key-string password 070D265C710C183A1C1712
send-lifetime 00:00:00 january 01 2019 infinite
cryptographic-algorithm HMAC-SHA1-12
!
!
The following task shows how to configure BGP dynamic neighbors using address range with EA authentication.
Router# configure
Router(config)# router bgp as-number
Router(config-bgp)# neighbor address prefix
Router(config-bgp-nbr)# remote-as as-number
Router(config-bgp-nbr)# keychain bgp_ea
Router(config-bgp-nbr)# address-family ipv4 unicast
Router(config-bgp-nbr)# route-policy name
Router(config-bgp-nbr)# route-policy name
Router# commit
Running Configuration
router bgp 100
neighbor 6.1.1.2
remote-as 200
keychain bgp_ea
address-family ipv4 unicast
route-policy bgp_policy in
route-policy bgp_policy out
!