Configuring MD5 Authentication

In MD5 authentication, a Message Digest 5 (MD5) authentication password is set for a TCP connection, and TCP performs the authentication. If authentication fails, the TCP connection is not established.

Context

The encryption algorithm used for MD5 authentication poses security risks. Therefore, you are advised to use an authentication mode based on a more secure encryption algorithm.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run bgp as-number

    The BGP view is displayed.

  3. Run peer { ipv4-address | group-name } password { cipher cipher-password | simple simple-password }

    An MD5 authentication password is set.

    An MD5 authentication password can be set in either of the following modes:

    • cipher cipher-password indicates that a password is set using a ciphertext string.
    • simple simple-password indicates that a password is set using a plaintext string.

    Note the following when setting the password:

    • The new password is at least eight characters long and contains at least two of the following: upper-case letters, lower-case letters, digits, and special characters.
    • When configuring an authentication password, select the ciphertext mode. If you select the simple text mode, the password is saved in configuration files in plaintext, which poses a high risk.
    • To ensure device security, change the password periodically.
    • If this command is run in the BGP view, the configuration also takes effect in an extended BGP address family view because they use the same TCP connection.
    • BGP MD5 authentication and BGP keychain authentication are mutually exclusive.

  4. Run commit

    The configuration is committed.
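
The following script is an added example, not part of the original documentation or vendor tooling. It audits saved configuration text for peer password lines in the form shown in step 3, flags passwords stored in simple (plaintext) mode, and checks them against the length and character-class rule above. It assumes the saved configuration lists the command as it was entered and that passwords contain no spaces; the sample configuration is constructed.

```python
import re

# Matches the command form given in step 3:
#   peer { ipv4-address | group-name } password { cipher | simple } <password>
PEER_PASSWORD = re.compile(r"^\s*peer\s+(\S+)\s+password\s+(cipher|simple)\s+(\S+)\s*$")


def meets_policy(password):
    """Page rule: at least 8 characters and at least two of the four classes."""
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return len(password) >= 8 and sum(classes) >= 2


def audit(config_text):
    """Return (line_no, peer, finding) tuples for peer password lines."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        match = PEER_PASSWORD.match(line)
        if not match:
            continue
        peer, mode, secret = match.groups()
        if mode == "simple":
            findings.append((line_no, peer, "plaintext password stored in configuration"))
            # Only a plaintext value can be checked against the complexity rule;
            # a cipher string is not the password itself.
            if not meets_policy(secret):
                findings.append((line_no, peer, "password does not meet complexity rule"))
    return findings


# Constructed sample configuration (addresses, group name and passwords are made up).
SAMPLE_CONFIG = """\
bgp 100
 peer 10.1.1.2 as-number 200
 peer 10.1.1.2 password simple bgppass1
 peer 10.2.2.2 as-number 300
 peer 10.2.2.2 password simple secret
 peer EDGE password cipher CONSTRUCTED-CIPHERTEXT
"""

if __name__ == "__main__":
    for line_no, peer, finding in audit(SAMPLE_CONFIG):
        print(f"line {line_no}: peer {peer}: {finding}")
```
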

Verifying the Configuration

After configuring MD5 authentication, verify the configuration:

  • Run the display bgp peer [ ipv4-address ] verbose command to view the authentication information about BGP peers.
Copyright © Huawei Technologies Co., Ltd.