Monday, July 26, 2010

CCNP - ENTERPRISE - Authentication in EIGRP, OSPF, IS-IS, BGP

As in my previous post, the way authentication is applied varies between EIGRP, OSPF, IS-IS, and BGP.

EIGRP:
Supports MD5/Plain text
Applied to the interface that connects to the neighbour; must be the same on each side.

Configure by doing:
R1(config)#int s0/0
R1(config-if)#ip authentication mode eigrp 1 md5
R1(config-if)#ip authentication key-chain eigrp 1 EIGRP_AUTH
!
R1(config)#key chain EIGRP_AUTH
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string P@ssw0rd
!

OSPF:
Applied on the interface
Can be MD5/Plain text
Configure the same authentication on all neighbors

Configure plain text:
R1(config)#int s0/0
R1(config-if)#ip ospf authentication
R1(config-if)#ip ospf authentication-key P@ssw0rd
  * The ip ospf authentication command, without any keywords, configures authentication in plain text

Configure MD5 authentication:
R1(config)#int s0/0
R1(config-if)#ip ospf authentication message-digest
R1(config-if)#ip ospf message-digest-key 1 md5 P@ssw0rd
!

IS-IS:
Offers 2 layers of authentication
i) Area-Password - between Level1 routers
ii) Domain-Password - between Level2 routers

Can be plain text or MD5 (out of scope of BSCI though)
Apply the cmd on all routers within the area or domain (for Level2)

Configure Level1 plain text authentication by:
R1(config)#router isis
R1(config-router)#area-password P@ssW0rd
!

Configure Level2 plain text authentication by:
R2(config)#router isis
R2(config-router)#domain-password P@ssw0rd
!

Protect specific links by applying the authentication on the interface:
R2(config)#int s0/0
R2(config-if)#isis password P@ssw0rd level-2
  * You should state the router level to apply the authentication to; the default is level1

BGP:
Uses MD5 authentication
Must be configured on each side of the neighbor relationship, otherwise the connection is not made

Configure authentication by:
R4(config)#router bgp 100
R4(config-router)#neighbor 10.1.1.1 password P@ssw0rd
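
An added example (not from the original post): a small Python check that reads a saved running-config and flags the weaker or incomplete forms of the commands above, namely plain-text OSPF, an EIGRP key chain applied without the mode md5 command (both are needed), plain-text IS-IS area/domain passwords, and BGP neighbors with no password. The sample config and the function names are constructed for illustration.

```python
import re
# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
interface Serial0/0
 ip authentication key-chain eigrp 1 EIGRP_AUTH
 ip ospf authentication
 ip ospf authentication-key P@ssw0rd
!
interface Serial0/1
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 P@ssw0rd
!
router isis
 area-password P@ssW0rd
!
router bgp 100
 neighbor 10.1.1.1 remote-as 200
 neighbor 10.1.1.1 password P@ssw0rd
 neighbor 10.2.2.2 remote-as 300
"""

def sections(config):  # top-level line -> text of its indented sub-commands
    out, parent = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and parent:
            out[parent] += line.strip() + "\n"
        elif line.strip() not in ("", "!"):
            parent = line.strip()
            out[parent] = ""
    return out

def audit(config):
    """Return (section, finding) pairs for weak or missing authentication."""
    found = []
    for parent, text in sections(config).items():
        if parent.startswith("interface"):
            if re.search(r"^ip ospf authentication$", text, re.M):
                found.append((parent, "OSPF plain-text authentication"))
            for asn in re.findall(r"^ip authentication key-chain eigrp (\d+)", text, re.M):
                if not re.search(rf"^ip authentication mode eigrp {asn} md5$", text, re.M):
                    found.append((parent, f"EIGRP {asn} key chain without mode md5"))
        elif parent == "router isis":
            for kw in re.findall(r"^(area-password|domain-password) ", text, re.M):
                found.append((parent, f"IS-IS plain-text {kw}"))
        elif parent.startswith("router bgp"):
            peers = set(re.findall(r"^neighbor (\S+) remote-as", text, re.M))
            authed = set(re.findall(r"^neighbor (\S+) password", text, re.M))
            found += [(parent, f"BGP neighbor {p} has no password") for p in sorted(peers - authed)]
    return found
```

Calling audit() on the text of a saved configuration returns one entry per finding; an empty list means none of these checks fired.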
