.. _example_protocols_bgp_peer-group_authentication:

##############
Authentication
##############


.. sidebar:: Contents

  .. contents::
    :depth: 2
    :local:

Scenario to verify BGP **peer-group password** and **encrypted-password**
inheritance. MD5 authentication protects BGP sessions against spoofed TCP
segments by requiring both peers to share a secret. Two configuration methods
exist:

- **password <plain-text>**: Accepts a plain-text password that is automatically
  stored and displayed in encrypted form for security reasons, so the
  documentation shows the encrypted version.

- **encrypted-password <hash>**: Accepts an already-encrypted password string,
  useful for bulk provisioning or configuration templates.

When the passwords do not match between peers, the TCP MD5 signature check
fails and the BGP session cannot establish. When configured on a peer-group,
all members of the group inherit the authentication credentials.

**********************************************
Test iBGP - Peer-group password authentication
**********************************************

Description
===========

Test ``password`` and ``encrypted-password`` on a peer-group with match and mismatch scenarios.

Scenario
========

.. include:: authentication/testibgp-peer-grouppasswordauthentication

.. raw:: html

  <hr>