配置bgp的邻居认证

一、拓扑图



[align=left]二、BGP基本配置：
1、配置两台路由器的IP地址，保证直连链路的连通性。
2、配置两台路由器的BGP协议：[/align]
[align=left] [/align]

R1(config-if)#router bgp 64512 R1(config-router)#net 10.1.255.0 mask 255.255.255.252 R1(config-router)#net 172.16.1.0 mask 255.255.255.0 R1(config-router)#nei 10.1.255.2 remote 64513 R2(config)#router bgp 64513 R2(config-router)#net 10.1.255.0 mask 255.255.255.252 R2(config-router)#net 192.168.1.0 mask 255.255.255.0 R2(config-router)#nei 10.1.255.1 remote 64512

[align=left] [/align]
3、查看一下R1和R2的BGP路由表，能学到对方的BGP路由：

R1#sh ip route bgp B 192.168.1.0/24 [20/0] via 10.1.255.2, 00:09:20 R2#sh ip route bgp 172.16.0.0/24 is subnetted, 1 subnets B 172.16.1.0 [20/0] via 10.1.255.1, 00:10:17

[align=left]三、配置BGP的邻居认证：
[/align]
[align=left]1、先在R1上做上邻居认证，并设置密码为supercisco：[/align]
[align=left] [/align]

R1(config)#router bgp 64512 R1(config-router)#nei 10.1.255.2 password supercisco

[align=left] [/align]
[align=left]2、发现一配置上去就有反映了：[/align]
[align=left] [/align]

*Mar 1 00:40:15.767: %TCP-6-BADAUTH: No MD5 digest from 10.1.255.2(59707) to 10.1.255.1(179) *Mar 1 00:40:16.287: %TCP-6-BADAUTH: No MD5 digest from 10.1.255.2(59707) to 10.1.255.1(179)

[align=left] [/align]
[align=left]3、查看一下简单BGP汇总：[/align]
[align=left] [/align]

R1#sh ip bgp summary ……………… Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.1.255.2 4 64513 42 46 0 0 0 00:00:43 Active

[align=left] [/align]
[align=left]4、查看一下BGP路由表，发现没有172.16.1.0/24的路由：[/align]
[align=left] [/align]

R2#sh ip route ……………… 10.0.0.0/30 is subnetted, 1 subnets C 10.1.255.0 is directly connected, Serial1/0 C 192.168.1.0/24 is directly connected, Loopback0 (没有学到R1的BGP路由) R2#sh ip bgp BGP table version is 7, local router ID is 192.168.1.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 10.1.255.0/30 0.0.0.0 0 32768 i *> 192.168.1.0 0.0.0.0 0 32768 i(没有R1 loopback BGP路由存在)

[align=left] [/align]
[align=left]5、再到R2去配上邻居认证：[/align]
[align=left] [/align]

R2(config)#router bgp 64513 R2(config-router)#nei 10.1.255.1 password supercisco

[align=left] [/align]
四、验证邻居认证：
[align=left] [/align]
[align=left]1、一配置上去，发现邻居马上就起来了：[/align]

R2(config-router)# *Mar 1 00:53:36.203: %BGP-5-ADJCHANGE: neighbor 10.1.255.1 Up

[align=left]2、到R2上看一下BGP 简单汇总和BGP路由：[/align]

R2#sh ip bgp summary …………………… Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.1.255.1 4 64512 58 57 8 0 0 00:07:09 2 （通过邻居学到了两条） R2#sh ip bgp BGP table version is 9, local router ID is 192.168.1.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 10.1.255.0/30 0.0.0.0 0 32768 i *> 192.168.1.0 0.0.0.0 0 32768 i

[align=left]3、看一下的路由表,两边都有了：[/align]

R1#sh ip route ……………… 172.16.0.0/24 is subnetted, 1 subnets C 172.16.1.0 is directly connected, Loopback0 10.0.0.0/30 is subnetted, 1 subnets C 10.1.255.0 is directly connected, Serial1/1 B 192.168.1.0/24 [20/0] via 10.1.255.2, 00:01:41 R2#sh ip route ……………… 172.16.0.0/24 is subnetted, 1 subnets B 172.16.1.0 [20/0] via 10.1.255.1, 00:01:54 10.0.0.0/30 is subnetted, 1 subnets C 10.1.255.0 is directly connected, Serial1/0 C 192.168.1.0/24 is directly connected, Loopback0