
NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

Example for Configuring Keychain Authentication for TCP Application

Networking Requirements

As shown in Figure 6-4, Device A and Device B interconnect with each other using BGP. BGP and keychain authentication must be enabled on all interfaces of both devices.

Figure 6-4 Keychain
NOTE:

Interface 1 in this example is GE 0/1/0.


Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure the basic keychain functions.

  2. Configure BGP on both routers to use the keychain.

Data Preparation

To complete the configuration, you need the following data:

  • keychain name

  • key-id

  • algorithm and key-string

  • send and receive time

  • receive tolerance

  • tcp-kind value and tcp-algorithm-id

Procedure

  1. # Configure Device A.

    Configuring Keychain

    [~DeviceA] keychain huawei mode absolute
    [*DeviceA-keychain-huawei] tcp-kind 182
    [*DeviceA-keychain-huawei] tcp-algorithm-id md5 17
    [*DeviceA-keychain-huawei] receive-tolerance 100
    [*DeviceA-keychain-huawei] key-id 1
    [*DeviceA-keychain-huawei-keyid-1] algorithm md5
    [*DeviceA-keychain-huawei-keyid-1] key-string Hello-13579
    [*DeviceA-keychain-huawei-keyid-1] send-time 14:30 2008-10-10 to 14:50 2008-10-10
    [*DeviceA-keychain-huawei-keyid-1] receive-time 14:40 2008-10-10 to 14:50 2008-10-10
    [*DeviceA-keychain-huawei-keyid-1] default send-key-id
    [*DeviceA-keychain-huawei-keyid-1] commit
    [~DeviceA-keychain-huawei-keyid-1] quit
    [*DeviceA-keychain-huawei] key-id 2
    [*DeviceA-keychain-huawei-keyid-2] algorithm sha-256
    [*DeviceA-keychain-huawei-keyid-2] key-string Hello-246810
    [*DeviceA-keychain-huawei-keyid-2] send-time 08:30 2017-10-10 to 18:30 2017-10-10
    [*DeviceA-keychain-huawei-keyid-2] receive-time 09:30 2017-10-10 to 19:30 2017-10-10
    [*DeviceA-keychain-huawei-keyid-2] default send-key-id
    [*DeviceA-keychain-huawei-keyid-2] commit
    [~DeviceA-keychain-huawei-keyid-2] quit
    [~DeviceA-keychain-huawei] quit

    Configuring Keychain Authentication

    [~DeviceA] interface gigabitethernet 0/1/0
    [~DeviceA-GigabitEthernet0/1/0] ip address 192.168.1.1 24
    [*DeviceA-GigabitEthernet0/1/0] quit
    [*DeviceA] bgp 1
    [*DeviceA-bgp] router-id 1.1.1.1
    [*DeviceA-bgp] peer 192.168.1.2 as-number 1
    [*DeviceA-bgp] peer 192.168.1.2 keychain huawei
    [*DeviceA-bgp] commit
    [~DeviceA-bgp] quit

  2. # Configure Device B.

    Configuring Keychain

    [~DeviceB] keychain huawei mode absolute
    [*DeviceB-keychain-huawei] tcp-kind 182
    [*DeviceB-keychain-huawei] tcp-algorithm-id md5 17
    [*DeviceB-keychain-huawei] receive-tolerance 100
    [*DeviceB-keychain-huawei] key-id 1
    [*DeviceB-keychain-huawei-keyid-1] algorithm md5
    [*DeviceB-keychain-huawei-keyid-1] key-string Hello-13579
    [*DeviceB-keychain-huawei-keyid-1] send-time 14:40 2008-10-10 to 14:50 2008-10-10
    [*DeviceB-keychain-huawei-keyid-1] receive-time 14:30 2008-10-10 to 14:50 2008-10-10
    [*DeviceB-keychain-huawei-keyid-1] default send-key-id
    [*DeviceB-keychain-huawei-keyid-1] commit
    [~DeviceB-keychain-huawei-keyid-1] quit
    [*DeviceB-keychain-huawei] key-id 2
    [*DeviceB-keychain-huawei-keyid-2] algorithm sha-256
    [*DeviceB-keychain-huawei-keyid-2] key-string Hello-246810
    [*DeviceB-keychain-huawei-keyid-2] send-time 08:30 2017-10-10 to 18:30 2017-10-10
    [*DeviceB-keychain-huawei-keyid-2] receive-time 09:30 2017-10-10 to 19:30 2017-10-10
    [*DeviceB-keychain-huawei-keyid-2] default send-key-id
    [*DeviceB-keychain-huawei-keyid-2] commit
    [~DeviceB-keychain-huawei-keyid-2] quit
    [~DeviceB-keychain-huawei] quit

    Configuring Keychain Authentication

    [~DeviceB] interface gigabitethernet 0/1/0
    [~DeviceB-GigabitEthernet0/1/0] ip address 192.168.1.2 24
    [*DeviceB-GigabitEthernet0/1/0] quit
    [*DeviceB] bgp 1
    [*DeviceB-bgp] router-id 2.2.2.2
    [*DeviceB-bgp] peer 192.168.1.1 as-number 1
    [*DeviceB-bgp] peer 192.168.1.1 keychain huawei 
    [*DeviceB-bgp] commit
    [~DeviceB-bgp] quit
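
The check below is an added example, not part of Huawei's guide: it parses keychain stanzas written in the configuration-file layout used on this page and verifies that each key's send-time on one device falls inside the peer's receive-time widened by receive-tolerance. It assumes the tolerance is in minutes and extends both ends of the receive window; `parse_keychain` and `audit` are hypothetical names.

```python
from datetime import datetime, timedelta
FMT = "%H:%M %Y-%m-%d"

# Constructed sample: Device A's keychain values from the Procedure above,
# in configuration-file layout, with the key-string lines omitted.
DEVICE_A = """keychain huawei mode absolute
 receive-tolerance 100
 key-id 1
  algorithm md5
  send-time 14:30 2008-10-10 to 14:50 2008-10-10
  receive-time 14:40 2008-10-10 to 14:50 2008-10-10
 key-id 2
  algorithm sha-256
  send-time 08:30 2017-10-10 to 18:30 2017-10-10
  receive-time 09:30 2017-10-10 to 19:30 2017-10-10
"""
# In the Procedure, Device B differs only in the key-id 1 start times.
DEVICE_B = (DEVICE_A.replace("send-time 14:30", "send-time 14:40")
            .replace("receive-time 14:40", "receive-time 14:30"))

def parse_keychain(text):
    """Return (receive_tolerance, {key_id: settings}) for one keychain stanza."""
    tolerance, keys, cur = 0, {}, None
    for words in filter(None, map(str.split, text.splitlines())):
        if words[0] == "receive-tolerance":
            tolerance = int(words[1])
        elif words[0] == "key-id":
            cur = keys.setdefault(int(words[1]), {})
        elif words[0] == "algorithm" and cur is not None:
            cur["algorithm"] = words[1]
        elif words[0] in ("send-time", "receive-time") and cur is not None:
            start, end = " ".join(words[1:]).split(" to ")
            cur[words[0]] = (datetime.strptime(start, FMT), datetime.strptime(end, FMT))
    return tolerance, keys

def audit(sender_cfg, receiver_cfg, tolerance=None):
    """Report keys whose send window the receiver would not accept."""
    r_tol, r_keys = parse_keychain(receiver_cfg)
    # Assumption: tolerance is in minutes and widens both ends of receive-time.
    slack = timedelta(minutes=r_tol if tolerance is None else tolerance)
    findings = []
    for kid, s in sorted(parse_keychain(sender_cfg)[1].items()):
        r = r_keys.get(kid, {})
        if s.get("algorithm") != r.get("algorithm"):
            findings.append(f"key-id {kid}: algorithm mismatch or key missing")
        elif "send-time" in s and "receive-time" in r:
            (s0, s1), (r0, r1) = s["send-time"], r["receive-time"]
            if s0 < r0 - slack or s1 > r1 + slack:
                findings.append(f"key-id {kid}: send window outside receive window")
    return findings
```

Under the stated assumption, key-id 2 passes only because of `receive-tolerance 100`: its send-time opens at 08:30, an hour before the peer's receive-time does. Calling `audit(DEVICE_A, DEVICE_B, tolerance=0)` reports that gap.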

Configuration File

  • Device A configuration file

    #
     sysname DeviceA
    #
    keychain huawei mode absolute
    tcp-kind 182
    tcp-algorithm-id md5 17
    receive-tolerance 100
    #
     key-id 1
      algorithm md5
      key-string cipher @%@%Hb'c;\@iU'@X,k6.E\Z,*.S#@%@%
      send-time 14:40 2008-10-10 to 14:50 2008-10-10
      receive-time 14:30 2008-10-10 to 14:50 2008-10-10
      default send-key-id
    #
     key-id 2
      algorithm sha-256
      key-string cipher %^%#[aqxE3`@U8L*%n."1(<$,]k_QrVTf1X;K+;My)k;%^%#
      send-time 08:30 2017-10-10 to 18:30 2017-10-10
      receive-time 09:30 2017-10-10 to 19:30 2017-10-10
      default send-key-id
    #
    interface gigabitethernet0/1/0
    ip address 192.168.1.1 24
    #
    bgp 1
     router-id 1.1.1.1
     peer 192.168.1.2 as-number 1
     peer 192.168.1.2 keychain huawei
    #
    return

  • Device B configuration file

    #
     sysname DeviceB
    #
    keychain huawei mode absolute
    tcp-kind 182
    tcp-algorithm-id md5 17
    receive-tolerance 100
    #
     key-id 1
      algorithm md5
      key-string cipher @%@%;TYJ;\@iU'SGHRH.C\V,*.A#@%@%
      send-time 14:40 2008-10-10 to 14:50 2008-10-10
      receive-time 14:30 2008-10-10 to 14:50 2008-10-10
      default send-key-id
    #
     key-id 2
      algorithm sha-256
      key-string cipher %^%#X=O%EC@ta4QKkn"ur~Y::h@#'6737A4eq<W^~qn+%^%#
      send-time 08:30 2017-10-10 to 18:30 2017-10-10
      receive-time 09:30 2017-10-10 to 19:30 2017-10-10
      default send-key-id
    #
    interface gigabitethernet0/1/0
    ip address 192.168.1.2 24
    #
    bgp 1
     router-id 2.2.2.2
     peer 192.168.1.1 as-number 1
     peer 192.168.1.1 keychain huawei
    #
    return
Updated: 2019-01-02

Document ID: EDOC1100055397
