HP VPN Firewall Appliances Network Management Command Reference
506
Examples
# In BGP view, set the next hop of routes advertised to peer group test to the router itself.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] peer test next-hop-local
# In BGP-VPN instance view, set the next hop of routes advertised to peer group test to the router itself.
(The VPN has been created)
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] ipv4-family vpn-instance vpn1
[Sysname-bgp-ipv4-vpn1] peer test next-hop-local
peer password
Use peer password to enable MD5 authentication for BGP peers.
Use undo peer password to disable the function.
Syntax
peer { group-name | ip-address } password { cipher | simple } password
undo peer { group-name | ip-address } password
Default
No MD5 authentication is performed.
Views
BGP view, BGP-VPN instance view
Default command level
2: System level
Parameters
group-name: Specifies the name of a peer group, a string of 1 to 47 characters.
ip-address: Specifies the IP address of a peer.
cipher: Specifies a ciphertext password.
simple: Specifies a plaintext password.
password: Password, a case-sensitive string of 1 to 137 characters in cipher text, or 1 to 80 characters
in plain text.
Usage guidelines
You can enable MD5 authentication to enhance security in the following ways:
• Perform MD5 authentication when establishing TCP connections. Only the two parties that have the
same password configured can establish TCP connections.
• Perform MD5 calculation on TCP packets to avoid modification to the encapsulated BGP packets.
For security purposes, all passwords, including passwords configured in plain text, are saved in cipher
text.