Enabling MD5 authentication for TCP connections – H3C Technologies H3C S12500 Series Switches User Manual

After you enable the 4-byte AS number suppression function, the peer device can then process the Open message even though it does not support 4-byte AS numbers, and the BGP session can be established.

If the peer device supports 4-byte AS numbers, do not enable the 4-byte AS number suppression function; otherwise, the BGP peer relationship cannot be established.

To enable 4-byte AS number suppression:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter BGP view or BGP-VPN instance view.
  Command:
    Enter BGP view:
      bgp as-number
    Enter BGP-VPN instance view:
      a. bgp as-number
      b. ipv4-family vpn-instance vpn-instance-name
  Remarks: Use either method.

Step 3. Enable 4-byte AS number suppression.
  Command: peer { group-name | ip-address } capability-advertise suppress-4-byte-as
  Remarks: Disabled by default.

Enabling quick reestablishment of direct EBGP session

When the link to a directly connected EBGP peer goes down, a router with quick EBGP session reestablishment enabled tears down the session to the peer and then reestablishes a session immediately. If the function is not enabled, the router does not tear down the session until the holdtime times out. When quick EBGP session reestablishment is disabled, a route flap does not affect the EBGP session state.

To enable quick reestablishment of direct EBGP session:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter BGP view or BGP-VPN instance view.
  Command:
    Enter BGP view:
      bgp as-number
    Enter BGP-VPN instance view:
      a. bgp as-number
      b. ipv4-family vpn-instance vpn-instance-name
  Remarks: Use either method.

Step 3. Enable quick reestablishment of direct EBGP session.
  Command: ebgp-interface-sensitive
  Remarks: Optional. Not enabled by default.

Enabling MD5 authentication for TCP connections

You can enable MD5 authentication to enhance security in the following ways:

• Perform MD5 authentication when establishing TCP connections. Only the two parties that have the same password configured can establish TCP connections.

• Perform MD5 calculation on TCP packets to avoid modification to the encapsulated BGP packets.
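
The per-segment check behind both points above, as an added example that is not from the H3C manual. It assumes the feature is the TCP MD5 Signature Option of RFC 2385 (this page does not name the mechanism) and uses constructed addresses, ports, sequence numbers and password.

```python
import hashlib
import hmac
import socket
import struct

MD5_KIND, MD5_LEN = 19, 18  # RFC 2385 option: kind 19, length 2 + 16-byte digest

def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password):
    """MD5 over pseudo-header, fixed header (checksum zeroed, options excluded),
    segment data, then the shared password (RFC 2385 order; IPv4 only here)."""
    header_len = (tcp_header[12] >> 4) * 4           # data offset, options included
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, header_len + len(payload)))
    fixed = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]
    return hashlib.md5(pseudo + fixed + payload + password).digest()

def extract_md5_option(tcp_header):
    """Return the 16-byte digest carried in option 19, or None if absent/malformed."""
    opts = tcp_header[20:(tcp_header[12] >> 4) * 4]
    i = 0
    while i < len(opts) and opts[i] != 0:            # kind 0 = end of option list
        if opts[i] == 1:                             # kind 1 = NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:    # bad length: stop parsing
            return None
        length = opts[i + 1]
        if opts[i] == MD5_KIND:
            ok = length == MD5_LEN and i + length <= len(opts)
            return opts[i + 2:i + length] if ok else None
        i += length
    return None

def sign_segment(src_ip, dst_ip, fixed_header, payload, password):
    """Sender: set data offset to 10 words and append NOP, NOP, option 19."""
    hdr = fixed_header[:12] + bytes([10 << 4]) + fixed_header[13:20]
    digest = tcp_md5_digest(src_ip, dst_ip, hdr, payload, password)
    return hdr + b"\x01\x01" + bytes([MD5_KIND, MD5_LEN]) + digest

def accept_segment(src_ip, dst_ip, tcp_header, payload, password):
    """Receiver: reject segments whose signature is missing or does not match."""
    received = extract_md5_option(tcp_header)
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password)
    return received is not None and hmac.compare_digest(expected, received)

# Constructed sample: documentation addresses, made-up ports/sequence numbers.
SRC, DST = "192.0.2.1", "192.0.2.2"
FIXED = struct.pack("!HHIIBBHHH", 50000, 179, 1000, 2000, 5 << 4, 0x18, 16384, 0, 0)
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)   # BGP KEEPALIVE message
SIGNED = sign_segment(SRC, DST, FIXED, KEEPALIVE, b"constructed-password")
```

Because the digest covers the addresses and the payload as well as the password, `accept_segment` returns False for a different password, a different source address, or an altered BGP message, and for a segment that carries no option 19 at all.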
