R3303-HP HSR6800 Routers Layer 3 - IP Routing Command Reference
276
Default
No MD5 authentication is performed.
Views
BGP view, BGP-VPN instance view
Default command level
2: System level
Parameters
group-name: Specifies the name of a peer group, a string of 1 to 47 characters.
ip-address: Specifies the IP address of a peer.
cipher: Specifies a ciphertext password.
simple: Specifies a plaintext password.
password: Password, a case-sensitive string of 1 to 137 characters in cipher text, or 1 to 80 characters
in plain text.
Usage guidelines
You can enable MD5 authentication to enhance security in the following ways:
• Perform MD5 authentication when establishing TCP connections. Only the two parties that have the
same password configured can establish TCP connections.
• Perform MD5 calculation on TCP packets to avoid modification to the encapsulated BGP packets.
For security purposes, all passwords, including passwords configured in plain text, are saved in cipher
text to the configuration file.
Examples
# In BGP view, perform MD5 authentication on the TCP connection set up between the local router
10 .1.10 0 .1 a n d t h e p e e r r o u t e r 10 .1.10 0 . 2.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] peer 10.1.100.2 password simple aabbcc
# Perform the similar configuration on the peer.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] peer 10.1.100.1 password simple aabbcc
# In BGP-VPN instance view, perform MD5 authentication on the TCP connection set up between the
l o c a l r o u t e r 10 .1.10 0 .1 a n d t h e p e e r r o u t e r 10 .1.10 0 . 2. ( T h e V P N h a s b e e n c r e a t e d . )
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] ipv4-family vpn-instance vpn1
[Sysname-bgp-ipv4-vpn1] peer 10.1.100.2 password simple aabbcc
# Perform the similar configuration on the peer.
<Sysname> system-view
[Sysname] bgp 200
[Sysname-bgp] ipv4-family vpn-instance vpn1
[Sysname-bgp-ipv4-vpn1] peer 10.1.100.1 password simple aabbcc