The peer password command configures MD5 authentication for establishing a TCP connection between MSDP peers.
The undo peer password command removes the MD5 authentication between MSDP peers.
By default, the MSDP MD5 authentication is not configured.
peer peer-address password { cipher cipher-password | simple simple-password }
undo peer peer-address password
Parameter | Description | Value |
---|---|---|
peer-address | Specifies the address of an MSDP peer. | The address is in dotted decimal notation. |
cipher cipher-password | Specifies the password in cipher text. | The value is a string of case-sensitive characters without spaces. A cipher password may contain 1 to 255 plain characters or 20 to 392 encrypted characters. When double quotation marks are used around the string, spaces are allowed in the string. |
simple simple-password | Specifies the password in the plain text. NOTICE: If simple is selected, the password is saved in the configuration file in plain text. This brings high security risks. It is recommended that you select cipher to save the password in cipher text. To improve the device security, change the password periodically. | The value is a string of 1 to 255 case-sensitive characters without spaces. When double quotation marks are used around the string, spaces are allowed in the string. |
Usage Scenario
MSDP supports MD5 authentication and keychain authentication to improve the security of TCP connections between MSDP peers.
Prerequisites
MSDP peers have been configured using the peer connect-interface (MSDP) command.
Precautions
MD5 is not a secure authentication algorithm. For security purposes, you are advised to use the more secure Keychain algorithm for MSDP authentication.
MSDP peers must be configured with the same authentication password; otherwise, the TCP connections cannot be set up between MSDP peers and MSDP messages cannot be transmitted. The authentication password on the two peers can be in different formats. For example, the password on one end can be in cipher text while the password on the other end is in plain text.
MSDP MD5 authentication and MSDP keychain authentication are mutually exclusive.
# Configure MSDP MD5 authentication between the local switch and the peer 10.1.1.1 and set the authentication password to Huawei@1234 in the cipher text.
<HUAWEI> system-view
[HUAWEI] multicast routing-enable
[HUAWEI] msdp
[HUAWEI-msdp] peer 10.1.1.1 connect-interface vlanif 100
[HUAWEI-msdp] peer 10.1.1.1 password cipher Huawei@1234
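
An added example, not part of the vendor documentation: a Python check that reads a saved configuration and reports, for each MSDP peer, whether its TCP connection has no authentication, a `simple` (plain text) password, a `cipher` MD5 password, or a keychain. The sample configuration, the severity labels, and the `peer peer-address keychain keychain-name` line format are assumptions; only the `password` syntax comes from this page.

```python
import re

# Constructed sample of a saved configuration, not output from a real device.
SAMPLE_CONFIG = """\
#
msdp
 peer 10.1.1.1 connect-interface Vlanif100
 peer 10.1.1.1 password cipher <ciphertext-placeholder>
 peer 10.2.2.2 connect-interface Vlanif200
 peer 10.2.2.2 password simple "lab pass 1"
 peer 10.3.3.3 connect-interface Vlanif300
 peer 10.4.4.4 connect-interface Vlanif400
 peer 10.4.4.4 keychain kc-msdp
#
"""

PEER_RE = re.compile(r"^peer\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)(?:\s+(\S+))?")

# Severity labels are this example's own, derived from the page's notices.
FINDINGS = {
    "none": "HIGH: no authentication on the TCP connection (the default)",
    "simple": "HIGH: MD5 password stored in plain text; re-enter with cipher",
    "cipher": "MEDIUM: MD5 authentication in use; keychain is advised",
    "keychain": "OK: keychain authentication",
}

def audit_msdp_peers(config_text):
    """Return {peer_address: finding} for every peer in the msdp view."""
    auth = {}          # peer -> "none" | "simple" | "cipher" | "keychain"
    in_msdp = False
    for raw in config_text.splitlines():
        if not raw.startswith(" "):        # unindented line: a view starts or ends
            in_msdp = raw.strip() == "msdp"
            continue
        m = PEER_RE.match(raw.strip()) if in_msdp else None
        if not m:
            continue
        peer, keyword, arg = m.groups()
        auth.setdefault(peer, "none")      # seen, no authentication found yet
        if keyword == "password" and arg in ("simple", "cipher"):
            auth[peer] = arg
        elif keyword == "keychain":        # assumed syntax, not shown on this page
            auth[peer] = "keychain"
    return {peer: FINDINGS[kind] for peer, kind in auth.items()}

if __name__ == "__main__":
    for peer, finding in audit_msdp_peers(SAMPLE_CONFIG).items():
        print(f"{peer:<10} {finding}")
```

Because both ends must share the same password, run the check against the configuration of each peer before changing either side.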