beautypg.com

Enabling md5 authentication for tcp connections, Configuration prerequisites, Configuration procedure – H3C Technologies H3C S12500 Series Switches User Manual

Page 387

background image

371

Enabling MD5 authentication for TCP connections

IPv6 BGP employs TCP as the transport protocol. To enhance security, configure IPv6 BGP to perform

MD5 authentication when establishing a TCP connection. If the authentication fails, no TCP connection

can be established.
The MD5 authentication for establishing TCP connections does not apply to BGP packets.
The MD5 authentication requires that the two parties have the same authentication mode and password

to establish a TCP connection; otherwise, no TCP connection can be established due to authentication

failure.
To enable MD5 authentication for TCP connections:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter BGP view.

bgp as-number

N/A

3.

Enter IPv6 address family view
or IPv6 BGP-VPN instance

view.

ipv6-family [ vpn-instance
vpn-instance-name ]

N/A

4.

Enable MD5 authentication
when establishing a TCP

connection to the peer or peer

group.

peer { group-name |
ipv6-address } password { cipher |

simple } password

Not enabled by default.
The IPv6 BGP-VPN instance view
does not support the group-name

argument.

Applying an IPsec policy to an IPv6 BGP peer or peer group

To protect routing information and defend attacks, IPv6 BGP can authenticate protocol packets by using

an IPsec policy.
Outbound IPv6 BGP packets carry the Security Parameter Index (SPI) defined in the IPsec policy. A device

uses the SPI carried in a received packet to match against the configured IPsec policy. If they match, the

device accepts the packet; otherwise, it discards the packet and will not establish a neighbor relationship

with the sending device.

Configuration prerequisites

Before you apply an IPsec policy to a peer or peer group, complete following tasks:

Create an IPsec proposal.

Create an IPsec policy.

For more information about IPsec policy configuration, see Security Configuration Guide.

Configuration procedure

To apply an IPsec policy to a peer or peer group

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter BGP view.

bgp as-number

N/A

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: