350-401 · Question #485
A network engineer configures BGP between R1 and R2. Both routers use BGP peer group CORP and are set up to use MD5 authentication. This message is logged to the console of router R1: May 5 39:85:55.4
The correct answer is A. R1(config-router)#neighbor 10.10.10.1 peer-group CORP B. R2(config-router)#neighbor 10.120.10.1 peer-group CORP. The TCP-6-BADAUTH message indicates an MD5 authentication failure between R1 and R2, meaning the BGP peering session cannot establish until both routers correctly define each other as neighbors within the CORP peer group.
Question
A network engineer configures BGP between R1 and R2. Both routers use BGP peer group CORP and are set up to use MD5 authentication. This message is logged to the console of router R1:
May 5 39:85:55.469: %TCP-6-BADAUTH Invalid MD5 digest from 10.10.10.1 (29832) to 10.120.10.1 (179) tebleid -0 Which two configuration allow peering session to from between R1 and R2? Choose two.)
Options
- AR1(config-router)#neighbor 10.10.10.1 peer-group CORP
- BR2(config-router)#neighbor 10.120.10.1 peer-group CORP
- CR2(config-router)#neighbor 10.10.10.1 peer-group CORP
- DR1(config-router)#neighbor 10.120.10.1 peer-group CORP
- ER2(config-router)#neighbor 10.10.10.1 peer-group CORP
How the community answered
(33 responses)- A55% (18)
- C6% (2)
- D12% (4)
- E27% (9)
Why each option
The `TCP-6-BADAUTH` message indicates an MD5 authentication failure between R1 and R2, meaning the BGP peering session cannot establish until both routers correctly define each other as neighbors within the `CORP` peer group.
On R1 (10.120.10.1), `neighbor 10.10.10.1 peer-group CORP` correctly identifies R2's IP address (10.10.10.1) as its BGP peer and assigns it to the `CORP` peer group, which is pre-configured with the necessary MD5 authentication.
On R2 (10.10.10.1), `neighbor 10.120.10.1 peer-group CORP` correctly identifies R1's IP address (10.120.10.1) as its BGP peer and assigns it to the `CORP` peer group, completing the symmetric configuration required for a BGP peering session to form with MD5 authentication.
This command on R2 attempts to configure a BGP neighbor with its own IP address (10.10.10.1), which is incorrect for establishing an external BGP peering session.
This command on R1 attempts to configure a BGP neighbor with its own IP address (10.120.10.1), which is incorrect for establishing an external BGP peering session.
This command is identical to choice C, which incorrectly attempts to configure R2 to peer with itself.
Concept tested: BGP neighbor configuration with peer groups and MD5 authentication
Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-16/irg-xe-16-book/bgp-peer-groups.html
Topics
Community Discussion
No community discussion yet for this question.