Table of Contents
Advertisement
Step
2.
Enter BGP instance view or
BGP-VPN instance view.
3.
Enable MD5 authentication
for a BGP peer group or
peer.
Enabling keychain authentication for BGP peers
Keychain authentication enhances the security of TCP connection establishment between BGP
peers. It allows BGP peers to establish TCP connections only when the following conditions are met:
•
Keychain authentication is enabled on both BGP peers.
•
The keys used by the BGP peers have the same authentication algorithm and key string.
Before configuring keychain authentication, make sure the specified keychain has been created.
For more information about keychains, see Security Configuration Guide.
To enable keychain authentication for BGP peers (IPv4 unicast/multicast address family):
Step
1.
Enter system view.
2.
Enter BGP instance view of
BGP-VPN instance view.
3.
Enable keychain
authentication for a BGP
peer or peer group.
To enable keychain authentication for BGP peers (IPv6 unicast/multicast address family):
Step
1.
Enter system view.
Command
•
Enter BGP instance view:
bgp as-number [ instance
instance-name ]
•
Enter BGP-VPN instance
view:
a. bgp as-number
[ instance
instance-name ]
b. ip vpn-instance
vpn-instance-name
peer { group-name | ipv6-address
[ prefix-length ] } password
{ cipher | simple } password
Command
system-view
•
Enter BGP instance view:
bgp as-number [ instance
instance-name ]
•
Enter BGP-VPN instance
view:
a. bgp as-number
[ instance
instance-name ]
b. ip vpn-instance
vpn-instance-name
peer { group-name | ip-address
[ mask-length ] } keychain
keychain-name
Command
system-view
280
Remarks
N/A
By default, MD5 authentication is
disabled.
Remarks
N/A
N/A
By default, keychain
authentication is disabled.
Remarks
N/A
Advertisement
Table of Contents
Troubleshooting
