peer ssl-policy role

Function

The peer ssl-policy role client command configures a peer as an SSL client.

The undo peer ssl-policy role client command cancels the SSL client configuration.

The peer ssl-policy role server command configures a peer as an SSL server.

The undo peer ssl-policy role server command cancels the SSL server configuration.

The peer ssl-policy role disable command disables SSL role setting for a peer.

The undo peer ssl-policy role disable command restores the default configuration. It takes effect only if the peer ssl-policy role disable command has been run.

By default, no peer is configured as an SSL client or server.

Format

peer { ipv4-address | ipv6-address } ssl-policy role server

peer { ipv4-address | ipv6-address } ssl-policy role client

peer { ipv4-address | ipv6-address } ssl-policy role disable

undo peer { ipv4-address | ipv6-address } ssl-policy role server

undo peer { ipv4-address | ipv6-address } ssl-policy role client

undo peer { ipv4-address | ipv6-address } ssl-policy role disable

Parameters

Parameter | Description | Value
ipv4-address | Specifies the IPv4 address of a BGP peer. | The value is in dotted decimal notation.
ipv6-address | Specifies the IPv6 address of a peer. | The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X.
disable | Disables SSL role setting for a peer. | -

Views

BGP view

Default Level

2: Configuration level

Task Name and Operations

Task Name | Operations
bgp | write

Usage Guidelines

Usage Scenario

The Secure Sockets Layer (SSL) protocol protects data privacy on the Internet by preventing attackers from eavesdropping on data exchanged between a client and a server. Specifically, to ensure data transmission security on a network, a peer needs to be configured as an SSL client using the peer ssl-policy role client command or as a server using the peer ssl-policy role server command, and the SSL data encryption, identity authentication, and message integrity verification mechanisms need to be used.

Prerequisites

A BGP peer relationship has been established using the peer as-number command.

Precautions

After an SSL role (server or client) is set for a peer or peer group, it cannot be changed to the other role unless you first run the peer ssl-policy role disable or undo peer ssl-policy role command to cancel the role configuration of the peer.

If a peer or peer group is configured as an SSL client, the peer listen-only command cannot be run. That is, the peer listen-only command is mutually exclusive with the peer ssl-policy role client command. If a peer or peer group is configured as an SSL server, the peer connect-only command cannot be run. That is, the peer connect-only command is mutually exclusive with the peer ssl-policy role server command.

The SSL role configuration for a peer takes precedence over that for a peer group to which the peer belongs.

SSL/TLS authentication takes effect only when SSL client and server roles are specified, SSL policies are applied to the client and server, and SSL/TLS authentication is enabled on the server (SSL/TLS authentication is not required on the client).
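
The role-change and mutual-exclusion rules above can be checked against a planned command sequence before it is committed. The following is an added example, not Huawei code: the names audit and PLAN are hypothetical, the addresses are constructed, and it assumes that any cancel form (role disable or an undo of a role command) clears the role.

```python
import re

# Only the commands named on this page are modelled; anything else is skipped.
CMD = re.compile(
    r"^(?P<undo>undo\s+)?peer\s+(?P<peer>\S+)\s+(?:ssl-policy\s+role\s+"
    r"(?P<role>client|server|disable)|(?P<mode>listen-only|connect-only))$")
# Connection mode that each SSL role excludes, per the Precautions.
EXCLUDES = {"client": "listen-only", "server": "connect-only"}

def audit(commands):
    """Replay BGP-view commands in order; return (findings, final_roles)."""
    role, mode, findings = {}, {}, []
    for no, raw in enumerate(commands, 1):
        m = CMD.match(raw.strip())
        if not m:
            continue
        peer, undo, new = m["peer"], bool(m["undo"]), m["role"]
        if m["mode"]:
            if undo:
                mode.pop(peer, None)
            elif EXCLUDES.get(role.get(peer)) == m["mode"]:
                findings.append((no, f"{peer}: {m['mode']} conflicts with role {role[peer]}"))
            else:
                mode[peer] = m["mode"]
        elif undo or new == "disable":
            role.pop(peer, None)  # assumption: any cancel form clears the role
        elif role.get(peer) not in (None, new):
            findings.append((no, f"{peer}: cancel role {role[peer]} before setting {new}"))
        elif mode.get(peer) == EXCLUDES[new]:
            findings.append((no, f"{peer}: role {new} conflicts with {mode[peer]}"))
        else:
            role[peer] = new
    return findings, role

# Constructed change plan (addresses are sample values).
PLAN = [
    "peer 10.1.1.2 as-number 100",
    "peer 10.1.1.2 ssl-policy role client",
    "peer 10.1.1.2 listen-only",                # excluded by the client role
    "peer 10.1.1.2 ssl-policy role server",     # role change without cancelling
    "peer 10.1.1.2 ssl-policy role disable",
    "peer 10.1.1.2 ssl-policy role server",     # accepted after the cancel
    "peer 2001:db8::2 connect-only",
    "peer 2001:db8::2 ssl-policy role server",  # excluded by connect-only
]

if __name__ == "__main__":
    for no, msg in audit(PLAN)[0]:
        print(f"line {no}: {msg}")
```

Peers missing from the returned role map keep the default, which is no SSL client or server role.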

Example

# Configure a peer as an SSL client.
<HUAWEI> system-view
[~HUAWEI] bgp 100
[*HUAWEI-bgp] peer 10.1.1.2 as-number 100
[*HUAWEI-bgp] peer 10.1.1.2 ssl-policy role client
Copyright © Huawei Technologies Co., Ltd.