No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - IP Multicast 01

This is NE40E V800R010C10SPC500 Configuration Guide - IP Multicast
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring MSDP Peer Authentication

Configuring MSDP Peer Authentication

To improve communication security between MSDP peers, configure MSDP Message-digest algorithm 5 (MD5) or keychain authentication. Otherwise, the system may be insecure. By default, no authentication mode is configured.

Procedure

  • Configure MSDP MD5 authentication.
    1. Run system-view

      The system view is displayed.

    2. Run msdp [ vpn-instance vpn-instance-name ]

      The MSDP view is displayed.

    3. Run peer peer-address password { cipher cipher-password | simple simple-password }

      MSDP MD5 authentication is configured.

      NOTE:
      • The new password is at least eight characters long and contains at least two of the following types: upper-case letters, lower-case letters, digits, and special characters.

      • For security purposes, you are advised to configure a password in ciphertext mode. To further improve device security, periodically change the password.

      Message digest 5 (MD5) authentication can be configured on MSDP peers to provide security protection. Make sure you enable MD5 authentication and the same authentication password for both MSDP peers. After this function is enabled, the transmit peer sends an MD5-encrypted MSDP message, which is transferred to the receive peer over a TCP connection. The receive peer decrypts the MSDP message by following the uniform MD5 encryption rules and the key contained the message. After decrypting the message successfully, the transmit peer reports the message to the MSDP module for processing. Only MSDP packets passing MD5 authentication are processed. This effectively prevents attacks that are conducted using malicious packets.

    4. Run commit

      The configuration is committed.

  • Configure MSDP keychain authentication.
    1. Run system-view

      The system view is displayed.

    2. Run msdp [ vpn-instance vpn-instance-name ]

      The MSDP view is displayed.

    3. Run peer peer-address keychain keychain-name

      MSDP keychain authentication is configured.

      Keychain and new TCP extension options enable each TCP connection to be configured with a password. You can set different encryption algorithms and validity periods for passwords. In addition, passwords can be changed at any time. This significantly improves security of encrypted packets. Only MSDP packets that are authenticated using a keychain are processed. This effectively prevents attacks conducted using malicious packets.

      To implement keychain authentication, you must also configure keychain authentication on the MSDP peer. Encryption algorithms and passwords configured for Keychain authentication on both peers must be the same; otherwise, the TCP connection cannot be set up between MSDP peers and MSDP messages cannot be transmitted.

      Before configuring MSDP keychain authentication, configure a keychain based on the configured keychain-name parameter; otherwise, the TCP connection cannot be set up.

      NOTE:

      MSDP MD5 authentication and MSDP keychain authentication cannot be both configured on the same device.

Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055017

Views: 40756

Downloads: 97

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next