Encrypting bgp4 md5 authentication keys – Brocade FastIron Ethernet Switch Layer 3 Routing Configuration Guide User Manual

Page 405

2 10.1.44.0/24 10.2.0.1 1 101 32768 BLS

AS_PATH:

In this example, the aggregate-address command configures an aggregate address of 10.1.0.0
255.255.0.0, and the summary-only parameter prevents the device from advertising more specific
routes contained within the aggregate route.

Entering a show ip bgp route command for the aggregate address 10.1.0.0/16 shows that the more
specific routes aggregated into 10.1.0.0/16 have been suppressed. In this case, the route to
10.1.44.0/24 has been suppressed. If you enter this command, the display shows that the route is not
being advertised to the BGP4 neighbors.

device(config-bgp)# show ip bgp route 10.1.44.0/24
Number of BGP Routes matching display condition : 1
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED
       E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH S:SUPPRESSED F:FILTERED
       Prefix          Next Hop   Metric  LocPrf  Weight  Status
1      10.1.44.0/24    10.2.0.1   1       101     32768   BLS
         AS_PATH:
       Route is not advertised to any peers

To override the summary-only parameter and allow a specific route to be advertised to a neighbor,
enter commands such as the following:

device(config)# ip prefix-list Unsuppress1 permit 10.1.44.0/24
device(config)# route-map RouteMap1 permit 1
device(config-routemap RouteMap1)# match ip address prefix-list Unsuppress1
device(config-routemap RouteMap1)# exit
device(config)# router bgp
device(config-bgp)# neighbor 10.1.0.2 unsuppress-map RouteMap1
device(config-bgp)# clear ip bgp neighbor 10.1.0.2 soft-out

The ip prefix-list command configures an IP prefix list for network 10.1.44.0/24, which is the route you
want to unsuppress. The next two commands configure a route map that uses the prefix list as input.
The neighbor command enables the device to advertise the routes specified in the route map to
neighbor 10.1.0.2. The clear command performs a soft reset of the session with the neighbor so that
the device can advertise the unsuppressed route.

Syntax: [no] neighbor { ip-addr | peer-group-name } unsuppress-map map-name

The show ip bgp route command verifies that the route has been unsuppressed.

device(config-bgp)# show ip bgp route 10.1.44.0/24
Number of BGP Routes matching display condition : 1
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED
       E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH S:SUPPRESSED F:FILTERED
       Prefix          Next Hop   MED     LocPrf  Weight  Status
1      10.1.44.0/24    10.2.0.1   1       101     32768   BLS
         AS_PATH:
       Route is advertised to 1 peers:
        10.1.0.2(4)
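
The verification step above can be scripted when many prefixes have to be checked. The following is an added example, not part of the Brocade guide: it parses the show ip bgp route display shown on this page, decodes the status letters with the legend, and reports suppressed routes that are advertised to a peer nobody approved. The function names and the approved mapping are assumptions made for the example.

```python
import re

# Status letters as listed in the legend of the command output on this page.
STATUS = {"A": "AGGREGATE", "B": "BEST", "b": "NOT-INSTALLED-BEST",
          "C": "CONFED_EBGP", "D": "DAMPED", "E": "EBGP", "H": "HISTORY",
          "I": "IBGP", "L": "LOCAL", "M": "MULTIPATH", "S": "SUPPRESSED",
          "F": "FILTERED"}
# Data row: index, prefix, next hop, metric/MED, LocPrf, weight, status letters.
ROW = re.compile(r"^\s*\d+\s+(\d+(?:\.\d+){3}/\d+)\s+(\S+)"
                 r"\s+\d+\s+\d+\s+\d+\s+([A-Za-z]+)\s*$")
# Peer entry under "Route is advertised to N peers:", for example 10.1.0.2(4).
PEER = re.compile(r"(\d+(?:\.\d+){3})\(\d+\)")

# Route displays copied from this page: before and after the unsuppress map.
BEFORE = """Prefix Next Hop Metric LocPrf Weight Status
1 10.1.44.0/24 10.2.0.1 1 101 32768 BLS
AS_PATH:
Route is not advertised to any peers
"""
AFTER = """Prefix Next Hop MED LocPrf Weight Status
1 10.1.44.0/24 10.2.0.1 1 101 32768 BLS
AS_PATH:
Route is advertised to 1 peers:
10.1.0.2(4)
"""

def parse_routes(text):
    """Return one dict per route row, with decoded flags and advertised peers."""
    routes = []
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            prefix, next_hop, flags = row.groups()
            routes.append({"prefix": prefix, "next_hop": next_hop,
                           "flags": [STATUS.get(f, f) for f in flags],
                           "peers": []})
        elif routes:  # lines after a row belong to that route
            routes[-1]["peers"] += PEER.findall(line)
    return routes

def unexpected_unsuppressed(text, approved):
    """List (prefix, peers) where a SUPPRESSED route reaches a peer that is not
    in approved[prefix]; approved is an operator-maintained dict (assumption)."""
    findings = []
    for route in parse_routes(text):
        extra = sorted(set(route["peers"]) - approved.get(route["prefix"], set()))
        if "SUPPRESSED" in route["flags"] and extra:
            findings.append((route["prefix"], extra))
    return findings
```

An empty result for a neighbor's display means every more-specific route leaving the aggregate is one the operator listed in approved.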

Encrypting BGP4 MD5 authentication keys

When you configure a BGP4 neighbor or neighbor peer group, you can specify an MD5 authentication
string to authenticate packets exchanged with the neighbor or peer group of neighbors.

For added security, by default, the software encrypts the display of the authentication string. The
software also provides an optional parameter to disable encryption of the authentication string, on an
individual neighbor or peer group basis. By default, MD5 authentication strings are displayed in
encrypted format in the output of the following commands:

show running-config (or write terminal)
show configuration
show ip bgp config

FastIron Ethernet Switch Layer 3 Routing Configuration Guide

53-1003087-04