peer password
Use peer password to enable MD5 authentication for a BGP peer or peer group.
Use undo peer password to remove MD5 authentication for a BGP peer or peer group.
Syntax
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } password { cipher | simple } password
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } password
Default
MD5 authentication is disabled.
Views
BGP instance view
BGP-VPN instance view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command enables MD5 authentication for all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command enables MD5 authentication for all dynamic peers in the subnet.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
password: Specifies the password. Its encrypted form is a case-sensitive string of 33 to 137 characters. Its plaintext form is a case-sensitive string of 1 to 80 characters.
Usage guidelines
MD5 authentication enhances security in the following ways:
Perform MD5 authentication when establishing TCP connections. Only two parties that have the same password configured can establish a TCP connection.
Perform MD5 calculation on TCP segments to protect the encapsulated BGP packets against modification.
The peer password and peer keychain commands are mutually exclusive.
Examples
# In BGP instance view, perform MD5 authentication on the TCP connection between local router 10.1.100.1 and peer router 10.1.100.2. Set the authentication password to aabbcc in plaintext form.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 10.1.100.2 password simple aabbcc
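The per-segment MD5 calculation described in the usage guidelines, as an added example that is not part of the original command reference or the vendor's code. It assumes the device uses the standard TCP MD5 signature option (RFC 2385); sign_segment and verify_segment are hypothetical helper names, and the ports, sequence numbers, window and zero TCP checksum are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

MD5_OPT_KIND, MD5_OPT_LEN = 19, 18   # TCP MD5 signature option (RFC 2385)

def _digest(src, dst, fixed_hdr, payload, seg_len, password):
    # MD5 over: pseudo-header | 20-byte TCP header with checksum zeroed and
    # options excluded | segment data | shared password.
    hdr = bytearray(fixed_hdr)
    hdr[16:18] = b"\x00\x00"
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    return hashlib.md5(pseudo + bytes(hdr) + payload + password).digest()

def sign_segment(src, dst, sport, dport, seq, flags, payload, password):
    # Constructed segment: ack 0, window 65535, TCP checksum left at zero.
    opt_len = MD5_OPT_LEN + 2                      # option + 2 NOP pad bytes
    offset = (20 + opt_len) // 4                   # data offset in 32-bit words
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                      offset << 4, flags, 65535, 0, 0)
    sig = _digest(src, dst, hdr, payload, 20 + opt_len + len(payload), password)
    return hdr + bytes([MD5_OPT_KIND, MD5_OPT_LEN]) + sig + b"\x01\x01" + payload

def verify_segment(src, dst, segment, password):
    hdr_len = (segment[12] >> 4) * 4 if len(segment) >= 20 else 0
    if not 20 <= hdr_len <= len(segment):          # truncated or bad offset
        return False
    opts, payload = segment[20:hdr_len], segment[hdr_len:]
    i, sig = 0, None
    while i < len(opts):                           # walk the TCP option list
        kind = opts[i]
        if kind == 0:                              # end of option list
            break
        if kind == 1:                              # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:  # malformed option length
            return False
        if kind == MD5_OPT_KIND and opts[i + 1] == MD5_OPT_LEN:
            sig = opts[i + 2:i + MD5_OPT_LEN]
        i += opts[i + 1]
    if sig is None:                                # unsigned segment: reject
        return False
    want = _digest(src, dst, segment[:20], payload, len(segment), password)
    return hmac.compare_digest(sig, want)
```

Because the digest covers the pseudo-header, a segment signed for one address pair does not verify for another, and a SYN without a valid signature never gets past the first check, which is why only peers configured with the same password can establish the TCP connection.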