BGP MD5 Authentication

It is possible to configure MD5 authentication between BGP peers. This will result in the verification of each segment sent on the TCP connection between the peers.

MD5 authentication must be configured with the same password on both BGP peers. Configuring MD5 authentication causes Cisco IOS to generate and check an MD5 digest for every segment on the TCP connection.

Cisco currently only supports MD5 authentication, and only requires a single line of configuration to enable neighbor authentication. MD5 authentication is enabled using the following command:

neighbor 80.80.80.80 password cisco

where "cisco" is the password, which must be identical on both ends of the peering.

For information on configuring authentication on an already established BGP session, take a look at BGP configuring authentication on an established BGP session.

Links to this page: