< Home

Configuring Keychain Authentication

You need to configure Keychain authentication on both BGP4+ peers, and ensure that encryption algorithms and passwords configured for Keychain authentication on both peers are the same. Otherwise, TCP connections cannot be established between BGP4+ peers, and BGP4+ messages cannot be exchanged.

Procedure

  1. Access the system view.

    system-view

  2. Access the BGP view.

    bgp { as-number-plain | as-number-dot }

  3. Configure Keychain authentication.

    peer { ipv6-address | group-name } keychain keychain-name

    You must configure Keychain authentication on both BGP peers. Note that encryption algorithms and passwords configured for the Keychain authentication on both peers must be the same; otherwise, the TCP connection cannot be set up between BGP peers and BGP messages cannot be transmitted.

    Before configuring the BGP Keychain authentication, configure a Keychain in accordance with the configured keychain-name. Otherwise, the TCP connection cannot be set up.

    When this command is used in the BGP view, the extensions on VPNv6 of MP-BGP are also valid because they use the same TCP connection.

    The BGP MD5 authentication and BGP Keychain authentication are mutually exclusive.

Parent Topic: Configuring BGP4+ Security
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic