< Home

Configuring Keychain Authentication

Keychain authentication needs to be configured on two devices that establish a BGP peer relationship. The encryption algorithms and passwords for keychain authentication on both peers must be the same. This allows the peers to establish a TCP connection to exchange BGP packets.

Procedure

  1. Access the system view.

    system-view

  2. Access the BGP view.

    bgp { as-number-plain | as-number-dot }

  3. Configure keychain authentication.

    peer { ipv4-address | group-name } keychain keychain-name

    Keychain authentication needs to be configured on two devices that establish a BGP peer relationship. The encryption algorithms and passwords for keychain authentication on both peers must be the same. This allows the peers to establish a TCP connection to exchange BGP packets.

    Before configuring BGP keychain authentication, ensure that the keychain specified by keychain-name has been configured. Otherwise, no TCP connection can be set up between two BGP peers.

    The peer keychain command run in the BGP view is also applicable to the BGP-VPNv4 address family view, because both BGP and BGP-VPNv4 use the same TCP connection.

    BGP MD5 authentication and BGP keychain authentication are mutually exclusive.

Parent Topic: Configuring BGP Security
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic