Enabling md5 authentication for tcp connections, Configuration prerequisites, Configuration procedure – H3C Technologies H3C S12500 Series Switches User Manual

Enabling MD5 authentication for TCP connections

IPv6 BGP employs TCP as the transport protocol. To enhance security, configure IPv6 BGP to perform MD5 authentication when establishing a TCP connection. If the authentication fails, no TCP connection can be established.

The MD5 authentication for establishing TCP connections does not apply to BGP packets.

The MD5 authentication requires that the two parties have the same authentication mode and password to establish a TCP connection; otherwise, no TCP connection can be established due to authentication failure.

To enable MD5 authentication for TCP connections:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter BGP view.
    Command: bgp as-number
    Remarks: N/A

Step 3. Enter IPv6 address family view or IPv6 BGP-VPN instance view.
    Command: ipv6-family [ vpn-instance vpn-instance-name ]
    Remarks: N/A

Step 4. Enable MD5 authentication when establishing a TCP connection to the peer or peer group.
    Command: peer { group-name | ipv6-address } password { cipher | simple } password
    Remarks: Not enabled by default. The IPv6 BGP-VPN instance view does not support the group-name argument.
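An added example (not from the H3C manual): a Python check that reads a saved configuration and lists IPv6 BGP peers that have no peer ... password line or that use the simple keyword. The configuration text, its one-space-per-level indentation, the peer ... as-number lines, and the assumption that simple leaves the password readable in the saved file are constructed for illustration.

```python
import re

# Constructed sample configuration; layout and values are assumptions for this example.
SAMPLE_CONFIG = """\
bgp 65001
 ipv6-family
  peer 2001:db8::2 as-number 65002
  peer 2001:db8::2 password cipher EXAMPLE-CIPHERTEXT
  peer 2001:db8::3 as-number 65003
  peer 2001:db8::3 password simple ExamplePlain1
  peer 2001:db8::4 as-number 65004
 ipv6-family vpn-instance vpn1
  peer 2001:db8:1::2 as-number 65010
"""

# peer <group-name | ipv6-address> <keyword> [<first argument>]
PEER_RE = re.compile(r"^peer\s+(\S+)\s+(\S+)(?:\s+(\S+))?")

def audit_ipv6_bgp_md5(config_text):
    """Map (view, peer) to 'cipher', 'simple' or 'missing' for IPv6 BGP peers."""
    results, in_bgp, view = {}, False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        depth = len(raw) - len(raw.lstrip(" "))
        if depth == 0:
            # A top-level command opens a new section; only "bgp <as>" matters here.
            in_bgp, view = line.startswith("bgp "), None
        elif in_bgp and depth == 1:
            # Track only the IPv6 address family and IPv6 BGP-VPN instance views.
            view = line if line.startswith("ipv6-family") else None
        elif in_bgp and view:
            m = PEER_RE.match(line)
            if not m:
                continue
            peer, keyword, mode = m.groups()
            results.setdefault((view, peer), "missing")
            if keyword == "password" and mode in ("cipher", "simple"):
                results[(view, peer)] = mode
    return results

def findings(config_text):
    """Return sorted (view, peer, status) tuples for peers that need attention."""
    audit = audit_ipv6_bgp_md5(config_text)
    return sorted((v, p, s) for (v, p), s in audit.items() if s != "cipher")
```

The check does not resolve peer-group membership, so a peer that inherits its password from a group is reported as missing and needs a manual look.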

Applying an IPsec policy to an IPv6 BGP peer or peer group

To protect routing information and defend against attacks, IPv6 BGP can authenticate protocol packets by using an IPsec policy.

Outbound IPv6 BGP packets carry the Security Parameter Index (SPI) defined in the IPsec policy. A device uses the SPI carried in a received packet to match against the configured IPsec policy. If they match, the device accepts the packet; otherwise, it discards the packet and will not establish a neighbor relationship with the sending device.

Configuration prerequisites

Before you apply an IPsec policy to a peer or peer group, complete the following tasks:

Create an IPsec proposal.

Create an IPsec policy.

For more information about IPsec policy configuration, see Security Configuration Guide.

Configuration procedure

To apply an IPsec policy to a peer or peer group:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter BGP view.
    Command: bgp as-number
    Remarks: N/A
