Encryption of bgp4 md5 authentication keys – Brocade TurboIron 24X Series Configuration Guide User Manual
Page 709

Brocade TurboIron 24X Series Configuration Guide
675
53-1003053-01
Basic configuration tasks
shutdown administratively shuts down the session with this neighbor. Shutting down the session
allows you to completely configure the neighbor and save the configuration without actually
establishing a session with the neighbor. This option is disabled by default.
soft-reconfiguration inbound enables the soft reconfiguration feature, which stores all the route
updates received from the neighbor. If you request a soft reset of inbound routes, the software
performs the reset by comparing the policies against the stored route updates, instead of
requesting the neighbor BGP4 route table or resetting the session with the neighbor. Refer to
timers keep-alive
and Hold Time. For the Keep Alive Time, you can specify from 0 – 65535 seconds. For the Hold
Time, you can specify 0 or
3 – 65535 (1 and 2 are not allowed). If you set the Hold Time to 0, the router waits indefinitely for
messages from a neighbor without concluding that the neighbor is dead. The defaults for these
parameters are the currently configured global Keep Alive Time and Hold Time. For more
information about these parameters, refer to
“Changing the Keep Alive Time and Hold Time”
unsuppress-map
routes have been dampened due to aggregation. Refer to
“Removing route dampening from a
neighbor routes suppressed due to aggregation”
update-source
router to communicate with the neighbor through the specified interface. There is no default.
weight
neighbor. BGP4 prefers larger weights over smaller weights. The default weight is 0.
Encryption of BGP4 MD5 authentication keys
When you configure a BGP4 neighbor or neighbor peer group, you can specify an MD5
authentication string for authenticating packets exchanged with the neighbor or peer group of
neighbors.
For added security, the software encrypts display of the authentication string by default. The
software also provides an optional parameter to disable encryption of the authentication string, on
an individual neighbor or peer group basis. By default, the MD5 authentication strings are
displayed in encrypted format in the output of the following commands:
•
show running-config (or write terminal)
•
show configuration
•
show ip bgp config
When encryption of the authentication string is enabled, the string is encrypted in the CLI
regardless of the access level you are using.
If you display the running-config after reloading, the BGP4 commands that specify an
authentication string show the string in encrypted form.
In addition, when you save the configuration to the startup-config file, the file contains the new
BGP4 command syntax and encrypted passwords or strings.
NOTE
Brocade recommends that you save a copy of the startup-config file for each switch you plan to
upgrade.