Foundry Networks Switch and Router Installation And Configuration Manual page 702

Foundry Switch and Router Installation and Configuration Guide
20. Enter a password in the MD5 Password field to secure the Layer 3 Switch's sessions with this neighbor.
NOTE: You must configure the neighbor to use the same password.
21. Click the Add button (if you are adding a new neighbor) or the Modify button (if you are modifying a neighbor
that is already configured) to apply the changes to the device's running-config file.
22. Select the Save link at the bottom of the dialog, then select Yes when prompted to save the configuration
change to the startup-config file on the device's flash memory.
Encryption of BGP4 MD5 Authentication Keys
When you configure a BGP4 neighbor or neighbor peer group, you can specify an MD5 authentication string for
authenticating packets exchanged with the neighbor or peer group of neighbors.
For added security, the software encrypts display of the authentication string by default. The software also
provides an optional parameter to disable encryption of the authentication string, on an individual neighbor or peer
group basis. By default, the MD5 authentication strings are displayed in encrypted format in the output of the
following commands:
show running-config (or write terminal)
show configuration
show ip bgp config
When encryption of the authentication string is enabled, the string is encrypted in the CLI regardless of the access
level you are using.
If you are upgrading from a software release earlier than 07.1.14 on a device that is already configured for BGP4,
when you save the configuration to the startup-config file, the software automatically converts the command
syntax for BGP4 neighbors and peer groups into the new syntax that includes the encryption option. If you display
the running-config after reloading with software release 07.1.14 or later, the BGP4 commands that specify an
authentication string show the string in encrypted form.
In addition, when you save the configuration to the startup-config file, the file contains the new BGP4 command
syntax and encrypted passwords or strings.
NOTE: Foundry recommends that you save a copy of the startup-config file for each Layer 3 Switch you plan to
upgrade. If you need to return to a software release earlier than 07.1.14, the earlier software will not recognize the
passwords or authentication keys in their encrypted form and will not be able to convert them back to their clear
form.
Encryption Example
The following commands configure a BGP4 neighbor and a peer group, and specify MD5 authentication strings
(passwords) for authenticating packets exchanged with the neighbor or peer group.
BigIron(config-bgp-router)# local-as 2
BigIron(config-bgp-router)# neighbor xyz peer-group
BigIron(config-bgp-router)# neighbor xyz password abc
BigIron(config-bgp-router)# neighbor 10.10.200.102 peer-group xyz
BigIron(config-bgp-router)# neighbor 10.10.200.102 password test
Here is how the commands appear when you display the BGP4 configuration commands:
BigIron(config-bgp-router)# show ip bgp config
Current BGP configuration:
router bgp
local-as 2
neighbor xyz peer-group
neighbor xyz password 1 $!2d
neighbor 10.10.200.102 peer-group xyz
19 - 20
December 2000
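The display format described above lends itself to an offline audit of saved configurations. The following is an added example, not part of the Foundry manual: it parses `show ip bgp config` style text and reports, for each neighbor or peer group, whether its MD5 string appears in the encrypted `password 1 <string>` form, is inherited from a peer group, or is missing. The function name, the sample lines for 10.10.200.103 and 10.10.200.104, and the rule that any password line without the `1` marker counts as clear text are assumptions.

```python
import re

# Constructed sample in the style of the `show ip bgp config` output above.
# The 10.10.200.103 and .104 lines are hypothetical, added to show findings.
SAMPLE_CONFIG = """\
router bgp
 local-as 2
 neighbor xyz peer-group
 neighbor xyz password 1 $!2d
 neighbor 10.10.200.102 peer-group xyz
 neighbor 10.10.200.103 remote-as 3
 neighbor 10.10.200.103 password test
 neighbor 10.10.200.104 remote-as 4
"""

NEIGHBOR = re.compile(r"^\s*neighbor\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def audit_bgp_md5(config_text):
    """Map each neighbor/peer group to encrypted, cleartext, inherited:<group> or none."""
    password = {}   # name -> 'encrypted' | 'cleartext'
    member_of = {}  # neighbor -> peer group it belongs to
    names = []      # preserve first-seen order
    for line in config_text.splitlines():
        m = NEIGHBOR.match(line)
        if not m:
            continue
        name, keyword, rest = m.group(1), m.group(2), (m.group(3) or "").split()
        if name not in names:
            names.append(name)
        if keyword == "peer-group" and rest:
            member_of[name] = rest[0]          # "neighbor <ip> peer-group <group>"
        elif keyword == "password" and rest:
            # "password 1 <string>" is the encrypted display form shown on the page.
            # Assumption: any other form means the string is shown in the clear.
            encrypted = len(rest) == 2 and rest[0] == "1"
            password[name] = "encrypted" if encrypted else "cleartext"
    report = {}
    for name in names:
        if name in password:
            report[name] = password[name]
        elif member_of.get(name) in password:
            report[name] = "inherited:" + member_of[name]
        else:
            report[name] = "none"
    return report

if __name__ == "__main__":
    for name, status in audit_bgp_md5(SAMPLE_CONFIG).items():
        print(f"{name:16} {status}")
```

A neighbor reported as inherited takes its status from the named peer group, so check that group's own entry in the same report.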
