
peer keychain (MSDP)

Function

The peer keychain command configures Key-Chain authentication for establishing a TCP connection between MSDP peers and transmitting MSDP messages.

The undo peer keychain command removes Key-Chain authentication between MSDP peers.

Format

peer peer-address keychain keychain-name

undo peer peer-address keychain

Parameters

Parameter | Description | Value
--- | --- | ---
peer-address | Specifies the address of an MSDP peer. | The value is in dotted decimal notation.
keychain-name | Specifies the name of the Key-Chain. | The value is a string of 1 to 47 characters.

Views

MSDP view

Default Level

2: Configuration level

Usage Guidelines

By default, MSDP Key-Chain authentication is not configured. Configuring MSDP Key-Chain authentication is recommended to improve system security.

Authentication improves the security of the TCP connection. You must configure Key-Chain authentication on both MSDP peers. Note that the encryption algorithms and passwords configured for Key-Chain authentication must be the same on both peers. Otherwise, the TCP connection cannot be set up between MSDP peers and MSDP messages cannot be transmitted.

Before configuring MSDP Key-Chain authentication, configure a Key-Chain whose name matches the specified keychain-name. Otherwise, the TCP connection cannot be set up.

MSDP Message-digest algorithm 5 (MD5) authentication and MSDP Key-Chain authentication are mutually exclusive.
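
The guidelines above can be checked offline against a saved configuration: every MSDP peer should have a Key-Chain, and each referenced keychain-name must exist and fit the 1 to 47 character limit. The following Python script is an added example, not Huawei code; the saved-configuration layout (a view name at column 0, its commands indented by one space, # between views), the connect-interface lines in the constructed sample, and the function names are assumptions.

```python
import ipaddress

MAX_NAME_LEN = 47  # keychain-name is a string of 1 to 47 characters

def msdp_peers(config_text):
    """Map each peer address in the msdp view to its Key-Chain name (None if absent)."""
    peers, in_msdp = {}, False
    for raw in config_text.splitlines():
        if not raw.startswith(" "):      # assumed layout: a column-0 line opens or closes a view
            in_msdp = raw.strip() == "msdp"
            continue
        words = raw.split()
        if in_msdp and len(words) >= 2 and words[0] == "peer":
            peers.setdefault(words[1], None)
            if len(words) == 4 and words[2] == "keychain":
                peers[words[1]] = words[3]
    return peers

def audit(config_text, defined_keychains):
    """Return (peer-address, finding) tuples; defined_keychains is the set of Key-Chain names that exist."""
    findings = []
    for addr, name in sorted(msdp_peers(config_text).items()):
        try:
            ipaddress.IPv4Address(addr)
        except ValueError:
            findings.append((addr, "peer-address is not dotted decimal"))
        if name is None:
            findings.append((addr, "no Key-Chain authentication"))
        elif not 1 <= len(name) <= MAX_NAME_LEN:
            findings.append((addr, "keychain-name longer than 47 characters"))
        elif name not in defined_keychains:
            findings.append((addr, f"Key-Chain {name} is not defined"))
    return findings

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
#
msdp
 peer 1.1.1.1 connect-interface GigabitEthernet0/0/1
 peer 1.1.1.1 keychain example123
 peer 2.2.2.2 connect-interface GigabitEthernet0/0/2
 peer 3.3.3.3 connect-interface GigabitEthernet0/0/3
 peer 3.3.3.3 keychain missing-chain
#
"""

if __name__ == "__main__":
    for addr, finding in audit(SAMPLE, {"example123"}):
        print(addr, finding)
```

The script cannot confirm that the algorithm and password match on the remote peer; that still requires comparing the Key-Chain configuration on both devices.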

Example

# Configure MSDP Key-Chain authentication between the local FW and the peer 1.1.1.1, using the Key-Chain named example123.

<sysname> system-view
[sysname] msdp
[sysname-msdp] peer 1.1.1.1 keychain example123
Copyright © Huawei Technologies Co., Ltd.