Cisco Systems 78-11741-02 Wireless Office Headset User Manual


 
Configuring BGP
Configuring Advanced BGP Features
IPC-324
Cisco IOS IP Configuration Guide
See the “BGP Peer Group Examples” section at the end of this chapter for an example of enabling MD5
authentication.
BGP through PIX Firewalls
When configuring BGP peers with MD5 authentication that pass through a PIX firewall, you must also
disable the TCP random sequence number feature on the PIX firewall, because this feature prevents
the BGP peers from successfully negotiating a connection. BGP neighbor authentication fails
because the PIX firewall changes the TCP sequence number of the packets before it forwards them.
When the BGP peer receiving the authentication request runs the MD5 algorithm, it detects that the
TCP sequence number has been changed and rejects the authentication request. To prevent the TCP
sequence number change, use the norandomseq keyword in the PIX configuration for the static route
configured to allow the BGP connection through the firewall. The nonrandom sequence feature on the
PIX firewall prevents the PIX firewall software from changing the sequence number.
Here is an example of the static command configuration on the PIX with the norandomseq keyword:
static (inside, outside) 10.0.0.0 10.0.0.0 netmask 255.0.0.0 norandomseq
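The failure described above can be reproduced offline. The following is an added example, not code from the Cisco guide: it computes the TCP MD5 signature as defined in RFC 2385 (the mechanism behind BGP MD5 authentication) and shows the receiver rejecting a segment whose sequence number was rewritten in transit. The function names, addresses, key and sequence offset are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

def tcp_md5_digest(src_ip, dst_ip, sport, dport, seq, ack, flags, window,
                   payload, key, header_len=40):
    """RFC 2385 digest: pseudo-header, base TCP header (checksum zeroed,
    options excluded), segment data, then the shared key."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, header_len + len(payload)))
    offset_flags = ((header_len // 4) << 12) | flags
    base = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_flags, window, 0, 0)
    return hashlib.md5(pseudo + base + payload + key).digest()

def through_firewall(segment, randomize_seq, offset=0x1F2E3D4C):
    """Model the PIX: it can rewrite seq but cannot re-sign, since it lacks the key."""
    forwarded = dict(segment)
    if randomize_seq:
        forwarded["seq"] = (segment["seq"] + offset) & 0xFFFFFFFF
    return forwarded

def receiver_accepts(segment, carried_digest, key):
    """The receiving peer recomputes the digest over what actually arrived."""
    return hmac.compare_digest(tcp_md5_digest(key=key, **segment), carried_digest)

# Constructed sample values (not from the guide).
KEY = b"constructed-shared-secret"
SYN = dict(src_ip="10.1.1.1", dst_ip="10.2.2.2", sport=50000, dport=179,
           seq=1000, ack=0, flags=0x02, window=16384, payload=b"")
SIGNED = tcp_md5_digest(key=KEY, **SYN)  # digest carried in TCP option 19

if __name__ == "__main__":
    for randomize in (True, False):
        ok = receiver_accepts(through_firewall(SYN, randomize), SIGNED, KEY)
        print("sequence randomization", "on " if randomize else "off", "->",
              "accepted" if ok else "rejected")
```

Because the digest covers the sequence number and the firewall does not hold the shared key, any in-path rewrite of that field invalidates the signature; norandomseq leaves the field untouched so the digest still verifies.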
Making Neighbors Members of the Peer Group
To configure a BGP neighbor to be a member of a BGP peer group, use the following command in router
configuration mode, using the same peer group name:

Command: Router(config-router)# neighbor ip-address peer-group peer-group-name
Purpose: Makes a BGP neighbor a member of the peer group.

See the “BGP Peer Group Examples” section at the end of this chapter for examples of iBGP and eBGP
peer groups.
Disabling a Peer or Peer Group
To disable an existing BGP neighbor or neighbor peer group, use the following command in router
configuration mode:

Command: Router(config-router)# neighbor {ip-address | peer-group-name} shutdown
Purpose: Shuts down or disables a BGP neighbor or peer group.

To enable a previously existing neighbor or neighbor peer group that had been disabled using the
neighbor shutdown router configuration command, use the following command in router configuration
mode:

Command: Router(config-router)# no neighbor {ip-address | peer-group-name} shutdown
Purpose: Enables a BGP neighbor or peer group.