Configuring Keychain Authentication - Huawei Quidway NetEngine80E Configuration Manual
Universal service router, ip routing
Hide thumbs
Also See for Quidway NetEngine80E:
- Configuration manual - reliability (1432 pages) ,
- Configuration manual (341 pages) ,
- Installation manual (169 pages)
Advertisement
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Routing
Step 3 Run:
peer { ipv6-address | group-name } password { cipher cipher-password | simple
simple-password }
The MD5 authentication password is configured.
----End
9.16.3 Configuring Keychain Authentication
You need to configure Keychain authentication on both BGP4+ peers, and ensure that encryption
algorithms and passwords configured for Keychain authentication on both peers are the same.
Otherwise, TCP connections cannot be established between BGP4+ peers, and BGP4+ messages
cannot be exchanged.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp { as-number-plain | as-number-dot }
The BGP view is displayed.
Step 3 Run:
peer { ipv6-address | group-name } keychain keychain-name
The Keychain authentication is configured.
You must configure Keychain authentication on both BGP peers. Note that encryption
algorithms and passwords configured for the Keychain authentication on both peers must be the
same; otherwise, the TCP connection cannot be set up between BGP peers and BGP messages
cannot be transmitted.
Before configuring the BGP Keychain authentication, configure a Keychain in accordance with
the configured keychain-name. Otherwise, the TCP connection cannot be set up.
----End
Issue 02 (2014-09-30)
NOTE
When configuring an authentication password, select the ciphertext mode because the password is saved
in configuration files in plaintext if you select simple mode, which has a high risk. To ensure device security,
change the password periodically.
When the peer password command is used in the BGP view, the extensions on Virtual Private Network
version 6 (VPNv6) of MP-BGP are also valid because they use the same TCP connection.
The BGP MD5 authentication and BGP Keychain authentication are mutually exclusive.
NOTE
l When this command is used in the BGP view, the extensions on VPNv6 of MP-BGP are also valid
because they use the same TCP connection.
l The BGP MD5 authentication and BGP Keychain authentication are mutually exclusive.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9 BGP4+ Configuration
1118
Hide quick links:
Advertisement
