peer keychain (BGP)
Function
The peer keychain command configures Keychain authentication for the TCP connection established between BGP peers.
The undo peer keychain command restores the default setting.
By default, Keychain authentication is not configured for BGP peers.
Format
peer { group-name | ipv4-address | ipv6-address } keychain keychain-name
undo peer { group-name | ipv4-address | ipv6-address } keychain
Parameters
Parameter | Description | Value |
---|---|---|
group-name | Specifies the name of a BGP peer group. | The name is a string of 1 to 47 characters without any space. It is case-sensitive. |
ipv4-address | Specifies the IPv4 address of a BGP peer. | It is in dotted decimal notation. |
ipv6-address | Specifies the IPv6 address of a BGP peer. | The prefix is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X. |
keychain-name | Specifies the name of the Keychain authentication. | The value is a string of 1 to 47 case-sensitive characters without any space. When double quotation marks are used around the string, spaces are allowed in the string. NOTE: If the peer address is an IPv6 address and keychain authentication is configured, the authentication algorithm supports only HMAC-MD5, HMAC-SHA1-12, or HMAC-SHA-256. |
Usage Guidelines
Usage Scenario
Configuring Keychain authentication improves the security of the TCP connection. Keychain authentication for TCP-based applications must be configured on both BGP peers, and the encryption algorithms and passwords configured for the Keychain authentication must be the same on both peers; otherwise, the TCP connection cannot be set up between the BGP peers and BGP messages cannot be transmitted.
Prerequisites
Peer relationships have been established using the peer as-number command.
Before BGP Keychain authentication is configured, a Keychain with the name specified by keychain-name must already be configured.
Precautions
The peer keychain command and the peer password command are mutually exclusive.
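The following offline check is an added example, not part of the vendor documentation. It reviews a planned BGP configuration against the rules on this page: peers left in the unauthenticated default state, references to a keychain that is not defined, IPv6 peers whose keychain uses an algorithm outside the three listed above, and peers carrying both peer keychain and peer password. The function name, the finding labels, the `keychains` mapping (built by the caller from the device's keychain configuration) and all sample values are assumptions made for illustration.

```python
import ipaddress
import re

# Algorithms the page lists as supported when the peer address is IPv6.
IPV6_ALGOS = {"hmac-md5", "hmac-sha1-12", "hmac-sha-256"}
# peer <target> as-number|keychain|password [value]; a keychain name may be double-quoted.
PEER_RE = re.compile(r'^\s*peer\s+(\S+)\s+(as-number|keychain|password)\b\s*(?:"([^"]+)"|(\S+))?')

def audit_bgp_auth(config_text, keychains):
    """Return sorted (peer, finding) pairs. keychains: assumed name -> set of algorithms."""
    peers = {}
    for line in config_text.splitlines():
        m = PEER_RE.match(line)  # "undo peer ..." lines do not match
        if m:
            peers.setdefault(m.group(1), {})[m.group(2)] = m.group(3) or m.group(4)
    findings = []
    for target, cfg in peers.items():
        try:
            is_v6 = ipaddress.ip_address(target).version == 6
        except ValueError:
            is_v6 = False  # not an address, so treated as a peer group name
        if "keychain" in cfg and "password" in cfg:
            findings.append((target, "keychain-and-password"))  # mutually exclusive
        if "keychain" not in cfg and "password" not in cfg:
            findings.append((target, "no-authentication"))  # the default state
        name = cfg.get("keychain")
        if name is not None and name not in keychains:
            findings.append((target, "undefined-keychain"))  # prerequisite not met
        elif name is not None and is_v6 and not keychains[name] <= IPV6_ALGOS:
            findings.append((target, "ipv6-unsupported-algorithm"))
    return sorted(findings)

# Constructed sample input: documentation addresses, made-up names and AS numbers.
SAMPLE_CONFIG = """
bgp 65001
 peer 192.0.2.1 as-number 65002
 peer 192.0.2.1 keychain kc-core
 peer 192.0.2.2 as-number 65003
 peer 192.0.2.3 as-number 65004
 peer 192.0.2.3 keychain kc-missing
 peer 192.0.2.4 as-number 65005
 peer 192.0.2.4 keychain kc-core
 peer 192.0.2.4 password cipher PLACEHOLDER
 peer 2001:db8::1 as-number 65006
 peer 2001:db8::1 keychain "kc legacy"
"""
SAMPLE_KEYCHAINS = {"kc-core": {"hmac-sha-256"}, "kc legacy": {"hmac-sha1-20"}}

if __name__ == "__main__":
    print(audit_bgp_auth(SAMPLE_CONFIG, SAMPLE_KEYCHAINS))
```

The check covers one device only; whether the algorithm and password match on the remote peer still has to be confirmed on that peer.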