beautypg.com

Encryption of bgp4 md5 authentication keys – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 709

background image

Brocade TurboIron 24X Series Configuration Guide

675

53-1003053-01

Basic configuration tasks

shutdown administratively shuts down the session with this neighbor. Shutting down the session
allows you to completely configure the neighbor and save the configuration without actually
establishing a session with the neighbor. This option is disabled by default.

soft-reconfiguration inbound enables the soft reconfiguration feature, which stores all the route
updates received from the neighbor. If you request a soft reset of inbound routes, the software
performs the reset by comparing the policies against the stored route updates, instead of
requesting the neighbor BGP4 route table or resetting the session with the neighbor. Refer to

“Using soft reconfiguration”

on page 758.

timers keep-alive hold-time overrides the global settings for the Keep Alive Time
and Hold Time. For the Keep Alive Time, you can specify from 0 – 65535 seconds. For the Hold
Time, you can specify 0 or
3 – 65535 (1 and 2 are not allowed). If you set the Hold Time to 0, the router waits indefinitely for
messages from a neighbor without concluding that the neighbor is dead. The defaults for these
parameters are the currently configured global Keep Alive Time and Hold Time. For more
information about these parameters, refer to

“Changing the Keep Alive Time and Hold Time”

on

page 681.

unsuppress-map removes route dampening from a neighbor routes when those
routes have been dampened due to aggregation. Refer to

“Removing route dampening from a

neighbor routes suppressed due to aggregation”

on page 726.

update-source | ethernet | loopback | ve configures the
router to communicate with the neighbor through the specified interface. There is no default.

weight specifies a weight the Layer 3 Switch will add to routes received from the specified
neighbor. BGP4 prefers larger weights over smaller weights. The default weight is 0.

Encryption of BGP4 MD5 authentication keys

When you configure a BGP4 neighbor or neighbor peer group, you can specify an MD5
authentication string for authenticating packets exchanged with the neighbor or peer group of
neighbors.

For added security, the software encrypts display of the authentication string by default. The
software also provides an optional parameter to disable encryption of the authentication string, on
an individual neighbor or peer group basis. By default, the MD5 authentication strings are
displayed in encrypted format in the output of the following commands:

show running-config (or write terminal)

show configuration

show ip bgp config

When encryption of the authentication string is enabled, the string is encrypted in the CLI
regardless of the access level you are using.

If you display the running-config after reloading, the BGP4 commands that specify an
authentication string show the string in encrypted form.

In addition, when you save the configuration to the startup-config file, the file contains the new
BGP4 command syntax and encrypted passwords or strings.

NOTE

Brocade recommends that you save a copy of the startup-config file for each switch you plan to
upgrade.