Configuring Keychain Authentication - Huawei Quidway NetEngine80E Configuration Manual
Universal service router, ip routing
Hide thumbs
Also See for Quidway NetEngine80E:
- Configuration manual - reliability (1432 pages) ,
- Configuration manual (341 pages) ,
- Installation manual (169 pages)
Advertisement
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Routing
An MD5 authentication password can be set either in cipher or plain text.
l cipher cipher-password indicates that a password is recorded in cipher text. This means that
l simple simple-password indicates that a password is recorded in plain text. This means that
----End
8.23.3 Configuring Keychain Authentication
Keychain authentication needs to be configured on two devices that establish a BGP peer
relationship. The encryption algorithms and passwords for keychain authentication on both peers
must be the same. This allows the peers to establish a TCP connection to exchange BGP packets.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
bgp { as-number-plain | as-number-dot }
The BGP view is displayed.
Step 3 Run:
peer { ipv4-address | group-name } keychain keychain-name
Keychain authentication is configured.
Keychain authentication needs to be configured on two devices that establish a BGP peer
relationship. The encryption algorithms and passwords for keychain authentication on both peers
must be the same. This allows the peers to establish a TCP connection to exchange BGP packets.
Before configuring BGP keychain authentication, ensure that the keychain specified by
keychain-name has been configured. Otherwise, no TCP connection can be set up between two
BGP peers.
----End
Issue 02 (2014-09-30)
a password is encrypted using a special algorithm and then recorded in a configuration file.
a password is directly recorded in a configuration file.
NOTE
When configuring an authentication password, select the ciphertext mode because the password is saved
in configuration files in plaintext if you select simple mode, which has a high risk. To ensure device security,
change the password periodically.
The peer password command run in the BGP view is also applicable to the BGP-VPNv4 address family
view, because both BGP and BGP-VPNv4 use the same TCP connection.
NOTE
l The peer keychain command run in the BGP view is also applicable to the BGP-VPNv4 address family
view, because both BGP and BGP-VPNv4 use the same TCP connection.
l BGP MD5 authentication and BGP keychain authentication are mutually exclusive.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8 BGP Configuration
866
Hide quick links:
Advertisement
