Lab 7. BGP Authentication
Okay guys, back again with me, the owner, manager, or whatever you call it, of this blog. Without much fuss, let's continue the BGP material with the next topic, BGP Authentication. What is BGP Authentication and how does it work? BGP Authentication is a security mechanism applied when peering. If the authentication configured on two neighbors is not the same, no peering will form between them. To make this clear, we go directly to the topology and configuration.
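How that mismatch plays out on the wire, as an added example that is not part of the original post: on Cisco IOS the neighbor password command enables the TCP MD5 signature option (RFC 2385), and the code below computes that digest and applies the receiver's check. The function names, port numbers and sequence number are constructed for illustration; the addresses and the key IDN are the ones this lab uses.

```python
import hashlib
import hmac
import socket
import struct

def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """RFC 2385: MD5 over pseudo-header, fixed TCP header, data, then the key."""
    fixed = bytearray(tcp_header[:20])      # TCP options are not covered
    fixed[16:18] = b"\x00\x00"              # checksum field is taken as zero
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, len(tcp_header) + len(payload)))
    return hashlib.md5(pseudo + bytes(fixed) + payload + key).digest()

def find_md5_option(options):
    """Return the 16-byte digest from TCP option kind 19, or None if absent."""
    i = 0
    while i + 1 < len(options) and options[i] != 0:   # kind 0 ends the list
        kind, length = options[i], options[i + 1]
        if kind == 1:                                  # NOP is a single byte
            i += 1
        elif kind == 19 and length == 18:
            return bytes(options[i + 2:i + 18])
        else:
            i += max(length, 2)                        # skip any other option
    return None

def build_signed_syn(src_ip, dst_ip, key):
    """Constructed SYN to TCP/179 (BGP) carrying the MD5 signature option."""
    # sport, dport, seq, ack, data offset (10 words), SYN, window, checksum, urgent
    fixed = struct.pack("!HHIIBBHHH", 50000, 179, 1000, 0, 10 << 4, 0x02, 16384, 0, 0)
    header = fixed + b"\x01\x01\x13\x12" + bytes(16)  # NOP, NOP, kind 19, len 18
    return header[:24] + tcp_md5_digest(src_ip, dst_ip, header, b"", key)

def receiver_accepts(src_ip, dst_ip, segment, local_key):
    """The check the listening peer applies before BGP sees any data."""
    header_len = (segment[12] >> 4) * 4
    header, payload = segment[:header_len], segment[header_len:]
    received = find_md5_option(header[20:])
    if local_key is None or received is None:
        # signed segment but no local key, or unsigned segment but a key is set: dropped
        return local_key is None and received is None
    expected = tcp_md5_digest(src_ip, dst_ip, header, payload, local_key)
    return hmac.compare_digest(expected, received)

if __name__ == "__main__":
    syn = build_signed_syn("1.1.1.1", "2.2.2.2", b"IDN")
    for key in (b"IDN", b"idn", None):
        print(key, receiver_accepts("1.1.1.1", "2.2.2.2", syn, key))
```

Because the segment is discarded at the TCP layer, a peer with the wrong or missing password never completes the handshake, so the BGP session stays down rather than failing with a BGP-level error.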
Topology :
Scenario :
Here we will configure authentication on the interface that connects R1 and R2.
Configuration :
IDN-R1:
R1(config)#int fa0/0
R1(config-if)#no sh
R1(config-if)#ip add 12.12.12.1 255.255.255.0
R1(config-if)#int lo0
R1(config-if)#ip add 1.1.1.1 255.255.255.255
R1(config-if)#int lo1
R1(config-if)#ip add 11.11.11.1 255.255.255.255
R1(config-if)#int lo2
R1(config-if)#ip add 11.11.11.2 255.255.255.255
IDN-R2:
R2(config)#int fa0/0
R2(config-if)#no sh
R2(config-if)#ip add 12.12.12.2 255.255.255.0
R2(config)#int fa1/0
R2(config-if)#no sh
R2(config-if)#ip add 23.23.23.2 255.255.255.0
R2(config-if)#int lo0
R2(config-if)#ip add 2.2.2.2 255.255.255.255
R2(config-if)#int lo1
R2(config-if)#ip add 22.22.22.22 255.255.255.255
IDN-R3:
R3(config)#int fa0/0
R3(config-if)#no sh
R3(config-if)#ip add 23.23.23.3 255.255.255.0
R3(config-if)#int lo0
R3(config-if)#ip add 3.3.3.3 255.255.255.255
R3(config-if)#int lo1
R3(config-if)#ip add 33.33.33.33 255.255.255.255
After that, we do iBGP peering, but before that, we have to configure IGP first so that the loopback IPs can connect to each other.
IDN-R1:
R1(config)#router eigrp 10
R1(config-router)#net 12.12.12.1 0.0.0.0
R1(config-router)#net 1.1.1.1 0.0.0.0
R1(config-router)#no aut
IDN-R2:
R2(config)#router eigrp 10
R2(config-router)#no aut
R2(config-router)#net 12.12.12.2 0.0.0.0
R2(config-router)#net 23.23.23.2 0.0.0.0
R2(config-router)#net 2.2.2.2 0.0.0.0
IDN-R3:
R3(config)#router eigrp 10
R3(config-router)#no aut
R3(config-router)#net 23.23.23.3 0.0.0.0
R3(config-router)#net 3.3.3.3 0.0.0.0
After that, verify by looking at one of the routing tables, make sure all loopback IPs have been registered on each router.
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter-area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
C        1.1.1.1 is directly connected, Loopback0
      2.0.0.0/32 is subnetted, 1 subnets
D        2.2.2.2 [90/156160] via 12.12.12.2, 00:06:07, FastEthernet0/0
      3.0.0.0/32 is subnetted, 1 subnets
D        3.3.3.3 [90/158720] via 12.12.12.2, 00:05:00, FastEthernet0/0
      11.0.0.0/32 is subnetted, 2 subnets
C        11.11.11.1 is directly connected, Loopback1
C        11.11.11.2 is directly connected, Loopback2
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        12.12.12.0/24 is directly connected, FastEthernet0/0
L        12.12.12.1/32 is directly connected, FastEthernet0/0
      23.0.0.0/24 is subnetted, 1 subnets
D        23.23.23.0 [90/30720] via 12.12.12.2, 00:06:12, FastEthernet0/0
Once all loopback IPs are registered, perform iBGP peering between all routers.
IDN-R1:
R1(config)#router bgp 10
R1(config-router)#neighbor 2.2.2.2 remote-as 10
R1(config-router)#neighbor 2.2.2.2 update-source lo0
R1(config-router)#neighbor 3.3.3.3 remote-as 10
R1(config-router)#neighbor 3.3.3.3 update-source lo0
IDN-R2:
R2(config)#router bgp 10
R2(config-router)#neigh 1.1.1.1 remote-as 10
R2(config-router)#neigh 1.1.1.1 up lo0
R2(config-router)#neigh 3.3.3.3 remote-as 10
R2(config-router)#neigh 3.3.3.3 up lo0
IDN-R3:
R3(config)#router bgp 10
R3(config-router)#neigh 1.1.1.1 remote 10
R3(config-router)#neigh 1.1.1.1 up lo0
R3(config-router)#neigh 2.2.2.2 remote 10
R3(config-router)#neigh 2.2.2.2 up lo0
After that, we check the BGP table on one of the routers and make sure all neighbors are registered in the BGP table.
R1#show ip bgp sum
BGP router identifier 11.11.11.2, local AS number 10
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 10 24 24 1 0 0 00:18:35 0
3.3.3.3 4 10 9 7 1 0 0 00:05:19 0
Here it can be seen that all neighbors have been registered. Next we will configure BGP authentication, installing it on IDN-R1 and IDN-R2.
IDN-R1:
R1(config)#router bgp 10
R1(config-router)#neighbor 2.2.2.2 password 0 IDN
IDN-R2:
R2(config)#router bgp 10
R2(config-router)#neigh 1.1.1.1 password 0 IDN
After that try to advertise one network on one router.
R1(config)#router bgp 10
R1(config-router)#network 11.11.11.1 mask 255.255.255.255
After that let's check the BGP summary.
R2#show ip bgp summary
BGP router identifier 22.22.22.22, local AS number 10
BGP table version is 2, main routing table version 2
1 network entries using 144 bytes of memory
1 path entries using 80 bytes of memory
1/1 BGP path/bestpath attribute entries using 136 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 360 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 10 54 55 2 0 0 00:44:32 1
3.3.3.3 4 10 38 39 2 0 0 00:31:07 0
This means that the BGP Authentication lab has been declared SUCCESSFUL!!!!
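A way to check the authentication state of every session in this topology from the configurations rather than from one summary output, added here as an example and not part of the original lab. The function names and status labels are hypothetical, and the sample input is constructed from the BGP commands typed in this lab.

```python
import re
from itertools import combinations

# Constructed sample: the BGP commands this lab types on each router,
# keyed by the router's Loopback0 address (the address its peers use).
CONFIGS = {
    "1.1.1.1": "router bgp 10\n neighbor 2.2.2.2 remote-as 10\n"
               " neighbor 2.2.2.2 password 0 IDN\n neighbor 3.3.3.3 remote-as 10\n",
    "2.2.2.2": "router bgp 10\n neigh 1.1.1.1 remote-as 10\n"
               " neigh 1.1.1.1 password 0 IDN\n neigh 3.3.3.3 remote-as 10\n",
    "3.3.3.3": "router bgp 10\n neigh 1.1.1.1 remote 10\n neigh 2.2.2.2 remote 10\n",
}

NEIGHBOR = re.compile(r"^\s*neigh\w*\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_neighbors(config):
    """Map each neighbor IP to (type, secret), or None if it has no password."""
    peers = {}
    for m in filter(None, map(NEIGHBOR.match, config.splitlines())):
        peer, keyword, rest = m.group(1), m.group(2), m.group(3).split()
        peers.setdefault(peer, None)
        if keyword == "password" and rest:
            # "password [0|7] <string>"; no type digit means unencrypted input
            typed = len(rest) > 1 and rest[0] in ("0", "7")
            peers[peer] = (rest[0], rest[1]) if typed else ("0", rest[0])
    return peers

def audit(configs):
    """Classify each session between two routers whose configs we hold."""
    parsed = {rid: parse_neighbors(cfg) for rid, cfg in configs.items()}
    findings = {}
    for a, b in combinations(sorted(parsed), 2):
        if b not in parsed[a] or a not in parsed[b]:
            continue  # not configured as peers on both sides
        pa, pb = parsed[a][b], parsed[b][a]
        if pa is None and pb is None:
            status = "no-authentication"
        elif pa is None or pb is None:
            status = "one-sided"  # only one end signs: session will not come up
        elif pa[0] == pb[0] == "0" and pa[1] != pb[1]:
            status = "mismatch"   # different secrets: session will not come up
        elif "0" in (pa[0], pb[0]):
            status = "ok-but-unencrypted-in-config"
        else:
            status = "ok"
        findings[(a, b)] = status
    return findings
```

Run against this lab, audit(CONFIGS) reports the R1-R2 session as authenticated with the secret stored unencrypted, and both sessions to R3 as having no authentication at all.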
Done ......
See u in the next post... AND... stay on this blog
Wassalamualaikum warahmatullahi wabarakatuh..