13.6.6 Verifying TCP MD5 Certification

<Structure of this section>

(1) List of operation commands

The following tables list the operation commands for TCP MD5 authorization.

Table 13-30: List of operation commands
Command name	Description
show ip bgp	Shows information related to the BGP4 protocol.

(2) Verifying TCP MD5 Certification

TCP MD5 authorization is displayed by specifying neighbors and detail parameters in the operation command show ip bgp command.

Figure 13-44: Result of executing show ip bgp command (specifying neighbors detail parameter)
> show ip bgp neighbors detail Date 20XX/10/07 21:24:24 UTC BGP Peer: 192.168.2.2 , Remote AS: 65531 Remote Router ID: 192.168.2.100 BGP Status: Established HoldTime: 180 , Keepalive: 60 Established Transitions: 1 Established Date: 20XX/10/07 21:23:48 BGP Version: 4 Type: Internal Local Address: 192.168.2.1 Local AS: 65531 Local Router ID: 192.168.1.100 Next Connect Retry: - Connect Retry Timer: - Last Keep Alive Sent: 21:23:48 Last Keep Alive Received: 21:23:48 BGP Message UpdateIn UpdateOut TotalIn TotalOut 0 0 0 3 BGP Capability Negotiation: <IPv4-Uni Refresh Refresh(v)> Send : <IPv4-Uni Refresh Refresh(v)> Receive: <IPv4-Uni Refresh Refresh(v)> Password: UnConfigured ..1 BFD Name: -, BFD ID: -, BFD State: - BGP Peer: 172.16.2.2 , Remote AS: 65532 Remote Router ID: 172.16.2.100 BGP Status: Established HoldTime: 180 , Keepalive: 60 Established Transitions: 1 Established Date: 20XX/10/07 21:23:58 BGP Version: 4 Type: External Local Address: 172.16.2.1 Local AS: 65531 Local Router ID: 192.168.1.100 Next Connect Retry: - Connect Retry Timer: - Last Keep Alive Sent: 21:23:58 Last Keep Alive Received: 21:23:58 BGP Message UpdateIn UpdateOut TotalIn TotalOut 0 0 1 3 BGP Capability Negotiation: <IPv4-Uni Refresh Refresh(v)> Send : <IPv4-Uni Refresh Refresh(v)> Receive: <IPv4-Uni Refresh Refresh(v)> Password: Configured ..2 BFD Name: -, BFD ID: -, BFD State: -

Figure 13-44: Result of executing show ip bgp command (specifying neighbors detail parameter)

> show ip bgp neighbors detail
Date 20XX/10/07 21:24:24 UTC
BGP Peer: 192.168.2.2    , Remote AS: 65531
Remote Router ID: 192.168.2.100
    BGP Status: Established         HoldTime: 180  , Keepalive: 60
    Established Transitions: 1      Established Date: 20XX/10/07 21:23:48
    BGP Version: 4                  Type: Internal
    Local Address: 192.168.2.1      Local AS: 65531
    Local Router ID: 192.168.1.100
    Next Connect Retry: -           Connect Retry Timer: -
    Last Keep Alive Sent: 21:23:48  Last Keep Alive Received: 21:23:48
    BGP Message  UpdateIn   UpdateOut  TotalIn    TotalOut
                 0          0          0          3
    BGP Capability Negotiation: <IPv4-Uni Refresh Refresh(v)>
      Send   : <IPv4-Uni Refresh Refresh(v)>
      Receive: <IPv4-Uni Refresh Refresh(v)>
    Password: UnConfigured                                               ..1
    BFD Name: -, BFD ID: -, BFD State: -
 
BGP Peer: 172.16.2.2     , Remote AS: 65532
Remote Router ID: 172.16.2.100
    BGP Status: Established         HoldTime: 180  , Keepalive: 60
    Established Transitions: 1      Established Date: 20XX/10/07 21:23:58
    BGP Version: 4                  Type: External
    Local Address: 172.16.2.1       Local AS: 65531
    Local Router ID: 192.168.1.100
    Next Connect Retry: -           Connect Retry Timer: -
    Last Keep Alive Sent: 21:23:58  Last Keep Alive Received: 21:23:58
    BGP Message  UpdateIn   UpdateOut  TotalIn    TotalOut
                 0          0          1          3
    BGP Capability Negotiation: <IPv4-Uni Refresh Refresh(v)>
      Send   : <IPv4-Uni Refresh Refresh(v)>
      Receive: <IPv4-Uni Refresh Refresh(v)>
    Password: Configured                                                ..2
    BFD Name: -, BFD ID: -, BFD State: -

MD5 authentication was not used for connection with the peer whose remote peer address is 192.168.2.2.
MD5 authentication was used for connection with the peer whose remote peer address is 172.16.2.2.

Notes: A peer relationship is not established if TCP MD5 authentication fails (if the peer's BGP Status is not Established). Check the operation message to see if TCP MD5 authorization failed.