Encrypting BGP4 MD5 authentication keys, Encryption example – Brocade Virtual ADX Switch and Router Guide (Supporting ADX v03.1.00) User Manual


Brocade Virtual ADX Switch and Router Guide


53-1003246-01

Configuring BGP4 neighbors


The software also contains an option to end the session with a BGP4 neighbor and clear the routes
learned from the neighbor. Unlike this clear option, the option for shutting down the neighbor can
be saved in the startup configuration file and can prevent the device from establishing a BGP4
session with the neighbor even after reloading the software.

NOTE

If you notice that a particular BGP4 neighbor never establishes a session with the device, check the
running configuration and startup configuration files for that device to see whether the configuration
contains a command that is shutting down the neighbor. The neighbor may have been shut down
previously by an administrator.

To shut down a BGP4 neighbor, enter commands such as the following.

Virtual ADX(config)# router bgp

Virtual ADX(config-bgp-router)# neighbor 10.157.22.26 shutdown

Virtual ADX(config-bgp-router)# write memory

Syntax: [no] neighbor ip-addr shutdown

The ip-addr parameter specifies the IP address of the neighbor.

Encrypting BGP4 MD5 authentication keys

When you configure a BGP4 neighbor, you can specify an MD5 authentication string to
authenticate packets exchanged with the neighbor.

For added security, by default, the software encrypts the display of the authentication string. The
software also provides an optional parameter to disable encryption of the authentication string, on
an individual neighbor basis. By default, MD5 authentication strings are displayed in encrypted
format in the output of the following commands:

show running-config (or write terminal)

show configuration

show ip bgp config

When encryption of the authentication string is enabled, the string is encrypted in the CLI
regardless of the access level you are using.

When you save the configuration to the startup configuration file, the file contains the new BGP4
command syntax and encrypted passwords or strings.

NOTE

It is recommended that you save a copy of the startup configuration file for each device you plan to
upgrade.

Encryption example

The following commands configure a BGP4 neighbor, and specify MD5 authentication strings
(passwords) to authenticate packets exchanged with the neighbor.

Virtual ADX(config-bgp-router)# local-as 2

Virtual ADX(config-bgp-router)# neighbor ip-address

Virtual ADX(config-bgp-router)# neighbor ip-address password abc

Virtual ADX(config-bgp-router)# neighbor 10.10.200.102 password test
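The check described in the NOTE on shut-down neighbors, combined with a per-neighbor check for a missing MD5 password, as an added Python example that is not part of the Brocade guide. It assumes the saved configuration lists the neighbor commands shown on this page indented under router bgp; the sample configurations, the neighbor 10.20.30.40, the finding labels, and the <encrypted> placeholder are constructed.

```python
import ipaddress
import re

# Statement forms taken from this page: neighbor <ip-addr> shutdown | password <string>
NEIGHBOR_RE = re.compile(r"^(no\s+)?neighbor\s+(\S+)\s+(\S+)")

def parse_neighbors(config_text):
    """Map neighbor IP -> {'shutdown': bool, 'password': bool} inside 'router bgp'."""
    neighbors, in_bgp = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "router bgp":
            in_bgp = True
        elif line == "!" or raw[:1] not in ("", " ", "\t"):
            in_bgp = False  # assumed layout: "!" or an unindented line ends the block
        m = NEIGHBOR_RE.match(line) if in_bgp else None
        if not m:
            continue
        negated, addr, keyword = m.groups()
        try:
            ipaddress.ip_address(addr)  # skip placeholders such as "ip-address"
        except ValueError:
            continue
        state = neighbors.setdefault(addr, {"shutdown": False, "password": False})
        if keyword in state:
            state[keyword] = not negated
    return neighbors

def audit(running_text, startup_text):
    """Return (neighbor, finding) pairs, ordered by neighbor address string."""
    running, startup = parse_neighbors(running_text), parse_neighbors(startup_text)
    findings = []
    for addr in sorted(set(running) | set(startup)):
        if startup.get(addr, {}).get("shutdown"):
            findings.append((addr, "shutdown-startup"))  # survives a reload
        elif running.get(addr, {}).get("shutdown"):
            findings.append((addr, "shutdown-running-only"))
        if addr in running and not running[addr]["password"]:
            findings.append((addr, "no-md5-password"))
    return findings

# Constructed sample configs; the encrypted key form is not shown on the page.
RUNNING = ("router bgp\n local-as 2\n neighbor 10.10.200.102 password <encrypted>\n"
           " neighbor 10.157.22.26 shutdown\n neighbor 10.20.30.40 shutdown\n"
           " neighbor 10.20.30.40 password <encrypted>\n!\n")
STARTUP = ("router bgp\n local-as 2\n neighbor 10.10.200.102 password <encrypted>\n"
           " neighbor 10.157.22.26 shutdown\n!\n")

if __name__ == "__main__":
    print(*audit(RUNNING, STARTUP), sep="\n")
```

A neighbor reported as shutdown-startup stays down after a reload, while shutdown-running-only is lost unless the configuration is saved with write memory.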
