peer keychain (MSDP)

Function

The peer keychain command configures keychain authentication for establishing a TCP connection between MSDP peers and transmitting MSDP messages.

The undo peer keychain command removes keychain authentication between MSDP peers.

By default, MSDP keychain authentication is not configured.

Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this command.

Format

peer peer-address keychain keychain-name

undo peer peer-address keychain

Parameters

Parameter | Description | Value
peer-address | Specifies the address of an MSDP peer. | The value is in dotted decimal notation.
keychain-name | Specifies the name of the keychain. This parameter is set using the keychain command. | The value is a string of 1 to 47 case-insensitive characters, excluding the question mark (?) and spaces. However, when double quotation marks (") are used around the string, spaces are allowed in the string.

Views

MSDP view of the public network instance or MSDP view of the VPN instance

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

MSDP supports MD5 authentication and keychain authentication that improve security on TCP connections between MSDP peers. Keychain authentication supports multiple algorithms and is more suitable than MD5 authentication for networks that require high security.

Prerequisites

MSDP peers have been configured using the peer connect-interface (MSDP) command.

A keychain matching the configured keychain-name has been enabled using the keychain command; otherwise, the TCP connection cannot be set up.

Precautions

You must configure keychain authentication on both MSDP peers. Note that encryption algorithms and passwords configured for keychain authentication on both peers must be the same; otherwise, the TCP connection cannot be set up between MSDP peers and MSDP messages cannot be transmitted.

MSDP MD5 authentication and MSDP keychain authentication are mutually exclusive.

Example

# Configure MSDP keychain authentication between the local switch and the peer 10.1.1.2 and configure a keychain named huawei.

<HUAWEI> system-view
[HUAWEI] keychain huawei mode absolute
[HUAWEI-keychain-huawei] key-id 1
[HUAWEI-keychain-huawei-keyid-1] algorithm sha-256
[HUAWEI-keychain-huawei-keyid-1] key-string cipher Huawei@1234
[HUAWEI-keychain-huawei-keyid-1] quit
[HUAWEI-keychain-huawei] quit
[HUAWEI] multicast routing-enable
[HUAWEI] msdp
[HUAWEI-msdp] peer 10.1.1.2 connect-interface vlanif 100 
[HUAWEI-msdp] peer 10.1.1.2 keychain huawei
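
An added example, not part of the Huawei documentation: a Python audit that checks a saved configuration against the prerequisites above, namely that every MSDP peer references a keychain and that the keychain has been created. The one-command-per-line config layout, the function names, and the sample peers 10.1.1.3 and 10.1.1.4 are assumptions made for this illustration; peers that use MD5 authentication instead are not examined.

```python
import re

# Constructed sample (not device output): the commands from the page's example,
# plus peer 10.1.1.3 referencing an undefined keychain and 10.1.1.4 with none.
SAMPLE_CONFIG = """\
keychain huawei mode absolute
 key-id 1
  algorithm sha-256
msdp
 peer 10.1.1.2 connect-interface vlanif 100
 peer 10.1.1.2 keychain Huawei
 peer 10.1.1.3 connect-interface vlanif 100
 peer 10.1.1.3 keychain "core msdp"
 peer 10.1.1.4 connect-interface vlanif 100
"""
NAME = r'("[^"]+"|\S+)'  # keychain-name token, optionally double-quoted

def valid_keychain_name(token):
    """1 to 47 characters, no '?', spaces only inside double quotation marks."""
    quoted = len(token) >= 2 and token[0] == token[-1] == '"'
    name = token[1:-1] if quoted else token  # assumption: quotes are not counted
    if not 1 <= len(name) <= 47 or "?" in name:
        return False
    return quoted or " " not in name

def audit_msdp_keychains(config):
    """Return (peer, finding) pairs for peers whose keychain setup is incomplete."""
    defined, peers, refs = set(), [], {}
    for line in map(str.strip, config.splitlines()):
        if m := re.match(rf"keychain {NAME} mode \S+$", line):
            defined.add(m.group(1).strip('"').lower())  # names are case-insensitive
        elif m := re.match(r"peer (\S+) connect-interface ", line):
            peers.append(m.group(1))
        elif m := re.match(rf"peer (\S+) keychain {NAME}$", line):
            refs[m.group(1)] = m.group(2)
    findings = []
    for peer in peers:
        token = refs.get(peer)
        if token is None:
            findings.append((peer, "no keychain authentication configured"))
        elif not valid_keychain_name(token):
            findings.append((peer, "keychain-name violates the naming rules"))
        elif token.strip('"').lower() not in defined:
            findings.append((peer, "keychain not defined; TCP connection cannot be set up"))
    return findings

if __name__ == "__main__":
    for peer, finding in audit_msdp_keychains(SAMPLE_CONFIG):
        print(f"{peer}: {finding}")
```

Because both peers must use the same algorithm and password, run the same audit against the configuration of the device at the other end of each peering.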
Copyright © Huawei Technologies Co., Ltd.