BGP MD5 Authentication


When configuring or changing the [BGP Authentication](/bgp-authentication) configuration on an already established peering, you must note the following:

If you configure or change the password used for MD5 authentication between two [BGP](/bgp) peers, the local router **will not tear down the existing session** after you configure the password. The local router will attempt to maintain the peering session using the new password until the BGP hold-down timer expires. The default time period is 180 seconds. If the password is not entered or changed on the remote router before the hold-down timer expires, the session will time out.

If you want to test this, configure BGP with two routers like this:

```
R1#
router bgp 1
neighbor 192.168.12.2 remote-as 2
```

```
R2#
router bgp 2
neighbor 192.168.12.1 remote-as 1
```

You can see that the neighbor adjacency is working:

```
R1#show ip bgp summary
BGP router identifier 192.168.12.1, local AS number 1
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.12.2    4            2       9      10        1    0    0 00:06:20        0
```

Once the BGP neighbor adjacency is established, change the configuration on one of the two routers:

```
R1#
router bgp 1
neighbor 192.168.12.2 password CISCO123
```

You can use `show ip bgp summary` to see that the neighbor adjacency is still there. You can also use `debug ip bgp` to see in action when it will be dropped.

BGP configuring authentication on an established BGP session

BGP AS Path Filtering and Manipulation

BGP AS Path

BGP AS number notation

BGP AS-Override Risks

BGP AS_PATH when using aggregate-address

BGP AS_SET and AS_CONFED_SET Deprecated

BGP AS_TRANS

BGP Advertised Routes and Outbound Policy Application

BGP Advertising a prefix

BGP Advertising a route using the Null0 exit interface

BGP Asymmetric routing when using ASA with AWS

BGP Attributes - route map direction

BGP Authentication

BGP Auto-Summary Best Practices

BGP Cluster ID

BGP Confederation peerings

BGP Confederations

BGP Default local preference and its appearance in the BGP table

BGP Equal Cost Multipath AS_Path Attribute

BGP Equal cost multipath configuration syntax

BGP Equal cost multipath

BGP Extended Community

BGP ISPs prefixes advertised to enterprise edge routers

BGP Influence incoming traffic

BGP Load balancing

BGP Maximum Prefix Feature

BGP Maximum message size

BGP Origin AS Validation

BGP Originator ID

BGP PIC and its Relationship with BGP Attributes

BGP Path Selection Oldest Path

BGP RIB failure Administrative Distance

BGP RIB failure

BGP Routing Table Entry without Exit Interface

BGP Site of Origin (SoO) Community

BGP Standard Community

BGP Table Origin Code

BGP Update Groups

BGP Update Total Path Attribute Length field

BGP active and passive peers

BGP advertises only the best path by default

BGP advertising a default route

BGP aggregate-address

BGP and route tagging

BGP applying route maps to prefixes

BGP communities

BGP community propagation

BGP community types

BGP dmzlink-bw feature

BGP eBGP next hop optimization

BGP hold timer

BGP how MED attribute is compared

BGP influence Outgoing Traffic

BGP installing a BGP-learned route into the routing table

BGP internal vs external

BGP multihop vs disable-connected-check

BGP neighbor activate command

BGP neighbor-group

BGP paths indicated in the show ip bgp command

BGP peer templates

BGP peering redundancy using loopbacks

BGP private AS numbers

BGP regular expressions - use of 4-Byte ASNs

BGP regular expressions - use of backslash for confederations

BGP route dampening penalty half-life

BGP route refresh capability annoucement

BGP soft reconfiguration on Cisco ASA

BGP sub autonomous system

BGP table status codes

BGP traffic engineering

BGP using next-hop-self with a route reflector

BGP weight attribute default value

BGP which address is used as the next hop

BGP why do we need an IGP for BGP to work

BGP why route dampening is obsolete

Best practice - concerning undebug all

Best practice - prevent connectivity loss of remote device

Bidirectional Forwarding Detection (BFD)

Broadcast Domain Borders

Broadcast MAC address

Broadcast traffic

CBC-MAC

CBWFQ and shaping

CCNP SCOR exam topics

CDP - best practices

CDP versions messages timers

CEF - Operation within a chassis switch

CEF Load Balancing Algorithm

CISCO ASA IKEv2 hub and spoke

CLI Filtering show commands

CPM - Cisco Performance Monitor

CPM - Collect keyword

CPM - match and collect keywords

Career study advice

Carrier-Grade NAT

Certificate Authority Structure

Certification Cisco exam topics blueprint

BGP configuring authentication on an established BGP session

Links to this page: