33. BGP Neighbor Authentication

1. Master the configuration of MD5-based BGP peer authentication.
 
Network diagram: [figure: image.png]


Configure the IP addresses and other basic settings on each router, and test that the interconnecting links are reachable.

Configure BGP correctly.

 

Check the routing tables of R1 and R2:

R1>show ip route
Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Loopback0
     10.0.0.0/30 is subnetted, 1 subnets
C       10.1.255.0 is directly connected, Serial0/0
B    192.168.1.0/24 [20/0] via 10.1.255.2, 00:05:44

 

R2>show ip route
Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
B       172.16.1.0 [20/0] via 10.1.255.1, 00:06:42
     10.0.0.0/30 is subnetted, 1 subnets
C       10.1.255.0 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, Loopback0

 

Configure BGP authentication on R1:

R1(config)#router bgp 64512
R1(config-router)#neighbor 10.1.255.2 password xiaoyang  ---->set the password for the specified neighbor
R1(config-router)#exit

 

Immediately after this configuration is applied, R1 logs the following messages:

*Mar  1 00:10:16.159: %TCP-6-BADAUTH: No MD5 digest from 10.1.255.2(179) to 10.1.255.1(16715)
*Mar  1 00:10:16.391: %TCP-6-BADAUTH: No MD5 digest from 10.1.255.2(179) to 10.1.255.1(16715)
*Mar  1 00:10:16.851: %TCP-6-BADAUTH: No MD5 digest from 10.1.255.2(179) to 10.1.255.1(16715)
*Mar  1 00:10:16.903: %TCP-6-BADAUTH: No MD5 digest from 10.1.255.2(179) to 10.1.255.1(16715)

R2 uses its TCP port 179 to establish the BGP session with local port 16715 on R1; because its segments carry no MD5 digest, authentication fails.

 

Check the routing tables and BGP tables of R1 and R2:

R1#show ip route
Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Loopback0
     10.0.0.0/30 is subnetted, 1 subnets
C       10.1.255.0 is directly connected, Serial0/0
R1#show ip bgp
BGP table version is 4, local router ID is 172.16.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.1.0/24    0.0.0.0                  0         32768 i

 

R2#show ip route
Gateway of last resort is not set

     10.0.0.0/30 is subnetted, 1 subnets
C       10.1.255.0 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, Loopback0
R2#show ip bgp
BGP table version is 4, local router ID is 192.168.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.1.0      0.0.0.0                  0         32768 i

  --->At this point, BGP on R1 and R2 has already released the BGP routes learned earlier.

 

Check the BGP summary on R2:

R2#show ip bgp summary
BGP router identifier 192.168.1.1, local AS number 64513
BGP table version is 4, main routing table version 4
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 417 total bytes of memory
BGP activity 2/1 prefixes, 2/1 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.255.1      4 64512      16      16        0    0    0 00:11:11
 Active

  ---->Authentication fails, so the BGP neighbor cannot be established.

 

Configure authentication on R2 as well:

R2(config)#router bgp 64513
R2(config-router)#neighbor 10.1.255.1 password xiaoyang
R2(config-router)#end

*Mar  1 00:25:53.307: %BGP-5-ADJCHANGE: neighbor 10.1.255.1 Up

The final log message shows that the neighbor relationship has been established normally.

 

At this point, all neighbor and route information returns to normal.
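
The Python sketch below is an added example, not part of the original lab: it reproduces the TCP MD5 signature check (RFC 2385) that `neighbor ... password` turns on, showing why R1 rejected R2's unsigned segments and accepted them once both routers shared the password. The segment builder, function names, sequence number and the `wrongkey` value are constructed for illustration, and "Invalid MD5 digest" is this example's label for the mismatched-password case.

```python
import hashlib, hmac, socket, struct

MD5_KIND, MD5_LEN = 19, 18  # RFC 2385 TCP option: kind 19, length 18 (2 + 16-byte digest)

def digest(src, dst, hdr, payload, key):
    """MD5 over pseudo-header, fixed TCP header (checksum zeroed, options excluded), data, key."""
    seg_len = (hdr[12] >> 4) * 4 + len(payload)          # header incl. options + data
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, seg_len)
    return hashlib.md5(pseudo + hdr[:16] + b"\x00\x00" + hdr[18:20] + payload + key).digest()

def build_segment(src, dst, sport, dport, seq, payload, key=None):
    """Constructed sender: sign the segment only when a neighbor password is configured."""
    opt_len = 20 if key is not None else 0               # 18-byte option + 2 NOPs of padding
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                      ((20 + opt_len) // 4) << 4, 0x18, 16384, 0, 0)  # checksum left at 0
    if key is None:
        return hdr + payload
    opts = bytes([MD5_KIND, MD5_LEN]) + digest(src, dst, hdr, payload, key) + b"\x01\x01"
    return hdr + opts + payload

def check_segment(src, dst, segment, key):
    """Receiver with a password configured: classify the incoming segment."""
    hdr_len = (segment[12] >> 4) * 4
    hdr, opts, payload = segment[:20], segment[20:hdr_len], segment[hdr_len:]
    found, i = None, 0
    while i < len(opts) and opts[i] != 0:                # kind 0 = end of option list
        if opts[i] == 1:                                 # kind 1 = NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:        # truncated or malformed option
            break
        if opts[i] == MD5_KIND and opts[i + 1] == MD5_LEN:
            found = opts[i + 2:i + MD5_LEN]
        i += opts[i + 1]
    if found is None:
        return "No MD5 digest"                           # the case logged on R1 in this lab
    if not hmac.compare_digest(found, digest(src, dst, hdr, payload, key)):
        return "Invalid MD5 digest"                      # option present, key differs
    return "OK"

# Constructed input: a BGP KEEPALIVE from R2 (10.1.255.2:179) to R1 (10.1.255.1:16715).
R2, R1, KEEPALIVE = "10.1.255.2", "10.1.255.1", b"\xff" * 16 + b"\x00\x13\x04"
def lab_results(r1_key=b"xiaoyang"):
    """R1's verdict on R2's segment: no password, wrong password, matching password."""
    return [check_segment(R2, R1, build_segment(R2, R1, 179, 16715, 1000, KEEPALIVE, k), r1_key)
            for k in (None, b"wrongkey", b"xiaoyang")]

if __name__ == "__main__":
    print(lab_results())
```

Because the digest covers the addresses, ports and sequence number as well as the shared key, a segment is only accepted when it was signed for this exact session by a peer holding the same password.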

