
Configuring MD5 Authentication

In BGP, MD5 authentication sets an MD5 authentication password for a TCP connection, and is performed by TCP. If authentication fails, no TCP connection will be established.

Context

BGP uses TCP as the transport layer protocol. To enhance BGP security, you can perform Message Digest 5 (MD5) authentication when TCP connections are created. MD5 authentication, however, does not authenticate BGP packets. Instead, it sets MD5 authentication passwords for TCP connections, and the authentication is then completed by TCP. If the authentication fails, TCP connections cannot be established.
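The check that TCP performs can be sketched as follows. This is an added example, not Huawei code: it assumes the peer password command uses the standard TCP MD5 signature option (RFC 2385), and the addresses, ports, passwords and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

SYN = 0x02
MD5_OPTION_LEN = 20  # kind 19, length 18, 16-byte digest, padded to 20 bytes

def tcp_header(sport, dport, seq, ack, flags, window):
    """Fixed 20-byte TCP header, checksum field zero as the digest requires."""
    data_offset = (20 + MD5_OPTION_LEN) // 4  # header + option, in 32-bit words
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (data_offset << 12) | flags, window, 0, 0)

def md5_signature(src_ip, dst_ip, header, payload, password):
    """MD5 over pseudo-header, TCP header without options, data, then key."""
    seg_len = len(header) + MD5_OPTION_LEN + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    return hashlib.md5(pseudo + header + payload + password).digest()

def receiver_accepts(src_ip, dst_ip, header, payload, digest, local_password):
    """Receiver recomputes the digest with its own password and compares."""
    expected = md5_signature(src_ip, dst_ip, header, payload, local_password)
    return hmac.compare_digest(expected, digest)

def demo():
    # Constructed sample: SYN from 192.0.2.1 to BGP port 179 on 192.0.2.2.
    src, dst = "192.0.2.1", "192.0.2.2"
    syn = tcp_header(50000, 179, 1000, 0, SYN, 16384)
    digest = md5_signature(src, dst, syn, b"", b"Example-Key-1")
    matching = receiver_accepts(src, dst, syn, b"", digest, b"Example-Key-1")
    mismatched = receiver_accepts(src, dst, syn, b"", digest, b"Other-Key-2")
    return matching, mismatched

if __name__ == "__main__":
    print(demo())
```

A receiver discards any segment whose digest does not match, which is why a password mismatch between peers prevents the TCP connection from being established.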

Procedure

  1. Access the system view.

    system-view

  2. Access the BGP view.

    bgp { as-number-plain | as-number-dot }

  3. Set an MD5 authentication password.

    peer { ipv4-address | group-name } password { cipher cipher-password | simple simple-password }

    When configuring an authentication password, select ciphertext mode (cipher). If you select simple mode, the password is saved in the configuration file in plaintext, which poses a high security risk. To ensure device security, change the password periodically.

    The peer password command run in the BGP view is also applicable to the BGP-VPNv4 address family view, because both BGP and BGP-VPNv4 use the same TCP connection.

Copyright © Huawei Technologies Co., Ltd.