peer password

Use peer password to enable MD5 authentication for a BGP peer or peer group.

Use undo peer password to remove MD5 authentication for a BGP peer or peer group.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } password { cipher | simple } password

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } password

Default

MD5 authentication is disabled.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command enables MD5 authentication for all dynamic peers in the subnet.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command enables MD5 authentication for all dynamic peers in the subnet.

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

password: Specifies the password. Its encrypted form is a case-sensitive string of 33 to 137 characters. Its plaintext form is a case-sensitive string of 1 to 80 characters.

Usage guidelines

You can enable MD5 authentication to enhance security using the following methods:

The peer password and peer keychain commands are mutually exclusive.

Examples

# In BGP instance view, perform MD5 authentication on the TCP connection between local router 10.1.100.1 and peer router 10.1.100.2. Set the authentication password to aabbcc in plaintext form.

<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 10.1.100.2 password simple aabbcc