R2511-HP MSR Router Series Layer 3 - IP Routing Command Reference(V5)
262
undo peer { group-name | ip-address } password
Default
No MD5 authentication is performed.
Views
BGP view, BGP-VPN instance view
Default command level
2: System level
Parameters
group-name: Specifies the name of a peer group, a string of 1 to 47 characters.
ip-address: Specifies the IP address of a peer.
cipher: Specifies a ciphertext password.
simple: Specifies a plaintext password.
password: Specifies a password, a case-sensitive string of 1 to 137 characters in cipher text, or 1 to 80
characters in plain text.
Usage guidelines
Once MD5 authentication is enabled, both parties must be configured with the same authentication
mode and password. Otherwise, the TCP connection will not be set up.
You can enable MD5 authentication to enhance security in the following ways:
• Perform MD5 authentication when establishing TCP connections. Only the two parties that have the
same password configured can establish TCP connections.
• Perform MD5 calculation on TCP packets to avoid modification to the encapsulated BGP packets.
For security purposes, all passwords, including passwords configured in plain text, are saved in cipher
text to the configuration file.
Examples
# In BGP view, perform MD5 authentication on the TCP connection set up between the local router
10 .1.10 0 .1 a n d t h e p e e r r o u t e r 10 .1.10 0 . 2.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] peer 10.1.100.2 password simple aabbcc
# Perform the similar configuration on the peer.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] peer 10.1.100.1 password simple aabbcc
# In BGP-VPN instance view, perform MD5 authentication on the TCP connection set up between the
l o c a l r o u t e r 10 .1.10 0 .1 a n d t h e p e e r r o u t e r 10 .1.10 0 . 2. ( T h e V P N h a s b e e n c r e a t e d . )
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] ipv4-family vpn-instance vpn1
[Sysname-bgp-ipv4-vpn1] peer 10.1.100.2 password simple aabbcc
# Perform the similar configuration on the peer.
<Sysname> system-view