
Brocade FastIron Ethernet Switch Layer 3 Routing Configuration Guide User Manual


When encryption of the authentication string is enabled, the string is encrypted in the CLI regardless of
the access level you are using.

When you save the configuration to the startup configuration file, the file contains the new BGP4
command syntax and encrypted passwords or strings.

NOTE
Brocade recommends that you save a copy of the startup configuration file for each device you plan to
upgrade.

Encryption example

The following commands configure a BGP4 neighbor and a peer group, and specify MD5
authentication strings (passwords) to authenticate packets exchanged with the neighbor or peer group.

device(config-bgp)# local-as 2
device(config-bgp)# neighbor xyz peer-group
device(config-bgp)# neighbor xyz password abc
device(config-bgp)# neighbor 10.10.200.102 peer-group xyz
device(config-bgp)# neighbor 10.10.200.102 password test

The BGP4 configuration commands appear in the following format as a result of the show ip bgp
configuration command.

device# show ip bgp configuration
Current BGP configuration:
router bgp
 local-as 2
 neighbor xyz peer-group
 neighbor xyz password $b24tbw==
 neighbor 10.10.200.102 peer-group xyz
 neighbor 10.10.200.102 remote-as 1
 neighbor 10.10.200.102 password $on-o

In this output, the software has converted the commands that specify an authentication string into the
new syntax (described below), and has encrypted the display of the authentication strings.

Since the default behavior does not affect the BGP4 configuration itself but does encrypt display of the
authentication string, the CLI does not list the encryption options.

Syntax: [no] neighbor { ip-addr | peer-group-name } password string

The ip-addr | peer-group-name parameter indicates whether you are configuring an individual neighbor
or a peer group. If you specify the IP address of a neighbor, you are configuring that individual
neighbor. If you specify a peer group name, you are configuring a peer group.

If you want the software to assume that the value you enter is the clear-text form and to encrypt the
display of that form, do not enter 0 or 1. Instead, omit the encryption option and allow the software to
use the default behavior. If you specify encryption option 1, the software assumes that you are
entering the encrypted form of the password or authentication string. In this case, the software
decrypts the password or string you enter before using the value for authentication. If you accidentally
enter option 1 followed by the clear-text version of the password or string, authentication will fail
because the value used by the software will not match the value you intended to use.

The password string parameter specifies an MD5 authentication string to secure sessions between
the device and the neighbor. You can enter a string of up to 80 characters. The string can contain any
alphanumeric characters, but must be placed inside quotes if it contains a space.

The system creates an MD5 hash of the password and uses it to secure sessions between the device
and the neighbors. To display the configuration, the system uses a 2-way encoding scheme to retrieve
the original password.
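
Because the displayed string can be converted back to the original password, a saved or exported configuration should be handled as a secret. The following Python sketch is an added example, not part of the Brocade guide: it parses show ip bgp configuration output, reports where each neighbor gets its authentication string, and redacts the encoded strings before the text is shared. The neighbors 10.10.200.103 and 10.10.200.104, and the rule that a member inherits its peer group's string, are assumptions made for the example.

```python
import re

# Constructed sample: the "show ip bgp configuration" output shown on this page,
# plus two hypothetical neighbors (10.10.200.103 and 10.10.200.104).
SAMPLE = """\
router bgp
 local-as 2
 neighbor xyz peer-group
 neighbor xyz password $b24tbw==
 neighbor 10.10.200.102 peer-group xyz
 neighbor 10.10.200.102 remote-as 1
 neighbor 10.10.200.102 password $on-o
 neighbor 10.10.200.103 remote-as 3
 neighbor 10.10.200.104 peer-group xyz
"""

NEIGHBOR = re.compile(r"^\s*neighbor\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def audit(config):
    """Return ({neighbor: source of its auth string}, redacted config text)."""
    groups, member_of, has_pw, peers, out = set(), {}, set(), [], []
    for line in config.splitlines():
        m = NEIGHBOR.match(line)
        if m:
            name, keyword, rest = m.group(1), m.group(2), (m.group(3) or "").strip()
            if name not in peers:
                peers.append(name)
            if keyword == "peer-group" and not rest:
                groups.add(name)           # "neighbor xyz peer-group" defines a group
            elif keyword == "peer-group":
                member_of[name] = rest     # "neighbor A peer-group xyz" joins it
            elif keyword == "password" and rest:
                has_pw.add(name)
                # The displayed string is reversible, so it is never copied out.
                line = line[:m.start(3)] + "<redacted>"
        out.append(line)
    report = {}
    for name in [p for p in peers if p not in groups]:  # individual neighbors only
        group = member_of.get(name)
        if name in has_pw:
            report[name] = "own"
        elif group in has_pw:  # assumption: members inherit the group's string
            report[name] = "peer-group " + group
        else:
            report[name] = "none"
    return report, "\n".join(out)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A neighbor reported as "none" has no authentication string of its own or from a peer group in the parsed output.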

Configuring BGP4 (IPv4)


53-1003087-04