peer ssl-policy (BGP view)

Function

The peer ssl-policy name command applies an SSL policy to an SSL client or server.

The peer ssl-policy disable command disables an SSL policy applied to an SSL client or server.

The undo peer ssl-policy name command cancels the configuration of applying an SSL policy to an SSL client or server.

The undo peer ssl-policy disable command restores the default configuration. It takes effect only if the peer ssl-policy disable command has been run.

By default, no SSL policy is applied to an SSL client or server.

Format

peer { ipv4-address | ipv6-address } ssl-policy name ssl-policy-name

peer { ipv4-address | ipv6-address } ssl-policy disable

undo peer { ipv4-address | ipv6-address } ssl-policy name ssl-policy-name

undo peer { ipv4-address | ipv6-address } ssl-policy disable

Parameters

| Parameter | Description | Value |
|---|---|---|
| ipv4-address | Specifies the IPv4 address of a BGP peer. | The value is in dotted decimal notation. |
| ipv6-address | Specifies the IPv6 address of a peer. | The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X. |
| name ssl-policy-name | Specifies the name of an SSL policy. | The value is a string of 1 to 23 case-insensitive characters. It cannot contain spaces. |
| disable | Disables an SSL policy applied to an SSL client or server. | - |

Views

BGP view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
|---|---|
| bgp | write |

Usage Guidelines

Usage Scenario

The Secure Sockets Layer (SSL) protocol protects data privacy on the Internet by preventing attackers from eavesdropping on data exchanged between a client and a server. To ensure data transmission security on a network, apply an SSL policy to an SSL client or server using the peer ssl-policy name command, and use the SSL data encryption, identity authentication, and message integrity verification mechanisms.

Prerequisites

An SSL policy has been created using the ssl policy command, and a peer relationship has been established using the peer as-number command.

Precautions

The same SSL policy cannot be applied to different SSL roles.

The SSL policy configuration for a peer takes precedence over that for a peer group to which the peer belongs.

SSL/TLS authentication takes effect only when SSL client and server roles are specified, SSL policies are applied to the client and server, and SSL/TLS authentication is enabled on the server (SSL/TLS authentication is not required on the client).

Example

# Apply the SSL policy named ftps_der to an SSL client.
<HUAWEI> system-view
[~HUAWEI] ssl policy ftps_der
[*HUAWEI-ssl-policy-ftps_der] quit
[*HUAWEI] bgp 100
[*HUAWEI-bgp] peer 10.1.1.2 as-number 100
[*HUAWEI-bgp] peer 10.1.1.2 ssl-policy name ftps_der
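
The following Python script is an added example, not Huawei code. It audits a saved configuration for the state of this command on each BGP peer, flagging peers left at the default (no SSL policy), peers set to ssl-policy disable, and peers whose policy name is too long or was never created with ssl policy. The sample configuration, status strings, and function names are constructed for illustration, and peer groups are not handled.

```python
import re

# Constructed sample of a saved configuration (not from a real device).
SAMPLE_CONFIG = """\
ssl policy ftps_der
#
bgp 100
 peer 10.1.1.2 as-number 100
 peer 10.1.1.2 ssl-policy name FTPS_DER
 peer 10.1.1.3 as-number 100
 peer 10.1.1.4 as-number 200
 peer 10.1.1.4 ssl-policy disable
 peer 2001:db8::5 as-number 200
 peer 2001:db8::5 ssl-policy name missing_policy
"""

POLICY_RE = re.compile(r"^[ \t]*ssl policy (\S+)[ \t]*$", re.M)
PEER_RE = re.compile(
    r"^[ \t]*peer (\S+) (?:as-number \S+|ssl-policy (?:name (\S+)|(disable)))[ \t]*$",
    re.M,
)


def audit_bgp_ssl(config):
    """Map each BGP peer address to its SSL policy status."""
    # Policy names are case-insensitive, so compare them lower-cased.
    defined = {name.lower() for name in POLICY_RE.findall(config)}
    status = {}
    for addr, name, disable in PEER_RE.findall(config):
        status.setdefault(addr, "none")  # default: no SSL policy applied
        if disable:
            status[addr] = "disabled"
        elif name and not 1 <= len(name) <= 23:
            status[addr] = "invalid-name"  # name must be 1 to 23 characters
        elif name and name.lower() not in defined:
            status[addr] = "undefined-policy"  # prerequisite: ssl policy <name>
        elif name:
            status[addr] = "applied:" + name.lower()
    return status


def unprotected_peers(config):
    """Peers without a valid, existing SSL policy applied."""
    return sorted(a for a, s in audit_bgp_ssl(config).items()
                  if not s.startswith("applied:"))


if __name__ == "__main__":
    for peer, state in audit_bgp_ssl(SAMPLE_CONFIG).items():
        print(f"{peer:15} {state}")
```

An applied status only confirms that the peer references an existing policy. As the Precautions state, SSL/TLS authentication also depends on the client and server roles being specified and on authentication being enabled on the server.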
Copyright © Huawei Technologies Co., Ltd.