Encryption of bgp4 md5 authentication keys – Brocade Communications Systems Layer 3 Routing Configuration ICX 6650 User Manual

Page 315

Advertising
background image

Brocade ICX 6650 Layer 3 Routing Configuration Guide

297

53-1002603-01

Basic configuration tasks required for BGP4

unsuppress-map map-name removes route dampening from a neighbor routes when those routes
have been dampened due to aggregation. Refer to

“Removing route dampening from neighbor

routes suppressed due to aggregation”

on page 357.

update-source ip-addr | ethernet port | loopback num | ve num configures the router to
communicate with the neighbor through the specified interface. There is no default.

weight num specifies a weight the Layer 3 switch will add to routes received from the specified
neighbor. BGP4 prefers larger weights over smaller weights. The default weight is 0.

Encryption of BGP4 MD5 authentication keys

When you configure a BGP4 neighbor or neighbor peer group, you can specify an MD5
authentication string for authenticating packets exchanged with the neighbor or peer group of
neighbors.

For added security, the software encrypts display of the authentication string by default. The
software also provides an optional parameter to disable encryption of the authentication string, on
an individual neighbor or peer group basis. By default, the MD5 authentication strings are
displayed in encrypted format in the output of the following commands:

show running-config (or write terminal)

show configuration

show ip bgp config

When encryption of the authentication string is enabled, the string is encrypted in the CLI
regardless of the access level you are using.

If you display the running-config after reloading, the BGP4 commands that specify an
authentication string show the string in encrypted form.

In addition, when you save the configuration to the startup-config file, the file contains the new
BGP4 command syntax and encrypted passwords or strings.

NOTE

Brocade recommends that you save a copy of the startup-config file for each switch you plan to
upgrade.

Encryption example

The following commands configure a BGP4 neighbor and a peer group, and specify MD5
authentication strings (passwords) for authenticating packets exchanged with the neighbor or peer
group.

Here is how the commands appear when you display the BGP4 configuration commands.

Brocade(config-bgp-router)#local-as 2

Brocade(config-bgp-router)#neighbor xyz peer-group

Brocade(config-bgp-router)#neighbor xyz password abc

Brocade(config-bgp-router)#neighbor 10.10.200.102 peer-group xyz

Brocade(config-bgp-router)#neighbor 10.10.200.102 password test

Advertising
Popular Brands
Popular manuals