The peer password command enables a BGP device to implement MD5 authentication for BGP messages exchanged during the establishment of a TCP connection with a peer.
The undo peer password command restores the default setting.
By default, a BGP device does not perform MD5 authentication for BGP messages exchanged during the establishment of a TCP connection with a peer.
peer { group-name | ipv4-address | ipv6-address } password { cipher cipher-password | simple simple-password }
undo peer { group-name | ipv4-address | ipv6-address } password
Parameter | Description | Value |
---|---|---|
group-name | Specifies the name of a peer group. | The name is a string of 1 to 47 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
ipv4-address | Specifies the IPv4 address of a peer. | It is in dotted decimal notation. |
ipv6-address | Specifies the IPv6 address of a peer. | The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X. |
cipher cipher-password | Specifies a cipher text password. | The value is a string of case-sensitive characters without spaces. When the value is displayed in plaintext, its length ranges from 1 to 255. When the value is displayed in ciphertext, its length ranges from 20 to 392. |
simple simple-password | Specifies a simple password. NOTICE: If simple is selected, the password is saved in the configuration file in plain text. This brings security risks. It is recommended that you select cipher to save the password in cipher text. | The value is a string of 1 to 255 case-sensitive characters, without spaces. |
BGP view, BGP-VPN instance IPv4 address family view, BGP-VPN instance IPv6 address family view
Usage Scenario
BGP uses TCP as the transport layer protocol. To enhance BGP security, MD5 authentication can be implemented for BGP packets exchanged during the establishment of a TCP connection. The peer password command sets the MD5 authentication password for the TCP connection, and TCP itself performs the authentication.
Prerequisites
Peer relationships have been established using the peer as-number command.
Precautions
After the peer password command is run, if the MD5 authentication fails, no TCP connection is established.
MD5 authentication and keychain authentication are mutually exclusive on a peer.
After the peer password command is run on a device to enable MD5 authentication, the device will re-establish the peer relationship with its peer.
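The following audit script is an added example, not part of the original command reference or vendor tooling. It scans saved configuration text for peers whose password is stored with simple (the plaintext risk described in the NOTICE above) and for peers that have an as-number line but no peer password line. The function name, finding labels and sample configuration are constructed for illustration; the script treats the whole text as one scope and does not resolve peer-group inheritance or keychain authentication.

```python
import re

# Constructed sample of saved configuration text. Addresses, AS numbers,
# passwords and the ciphertext placeholder are made up for illustration.
SAMPLE_CONFIG = """\
bgp 65001
 peer 192.0.2.1 as-number 65002
 peer 192.0.2.1 password cipher CONSTRUCTED-CIPHERTEXT-0123456789
 peer 192.0.2.5 as-number 65003
 peer 192.0.2.5 password simple Example123
 peer 2001:DB8::1 as-number 65004
 peer "edge peers" password simple Example456
"""

# peer { group-name | ipv4-address | ipv6-address } <keyword> <first argument>
# A group name may be wrapped in double quotation marks so it can hold spaces.
PEER_LINE = re.compile(
    r'^\s*peer\s+("[^"]+"|\S+)\s+(as-number|password)\s*(\S*)')

def audit_peer_passwords(config_text):
    """Return sorted (peer, finding) tuples for one configuration text."""
    declared = set()   # peers that have an as-number line
    mode = {}          # peer -> "cipher" or "simple"
    for line in config_text.splitlines():
        match = PEER_LINE.match(line)
        if not match:
            continue
        peer, keyword, arg = match.groups()
        if keyword == "as-number":
            declared.add(peer)
        else:
            mode[peer] = arg
    findings = []
    for peer in declared | set(mode):
        if mode.get(peer) == "simple":
            # Password is readable by anyone who can read the config file.
            findings.append((peer, "plaintext-password"))
        elif peer not in mode:
            # No password line; the peer may still use keychain
            # authentication, which this script does not check.
            findings.append((peer, "no-md5-password"))
    return sorted(findings)

if __name__ == "__main__":
    for peer, finding in audit_peer_passwords(SAMPLE_CONFIG):
        print(f"{finding:20} {peer}")
```

Peers reported as plaintext-password can be corrected by rerunning peer password with cipher; as stated in the precautions, this causes the device to re-establish the peer relationship.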