What are the functions of BGP MD5 authentication on S series switches


Q: What are the functions of BGP MD5 authentication, and the simple and cipher parameters?
A: BGP MD5 authentication is designed to prevent TCP attacks. The MD5 password and the TCP+BGP packet are used as input to an MD5 calculation, and the result (result A) is carried in the TCP packet. The receiving TCP peer checks this result to determine whether the TCP packet is forged. If it is, the peer discards the packet, which keeps the TCP connection stable.
The simple and cipher parameters only determine in which mode a password is displayed.
If the simple parameter is configured, the password is displayed in plain text.
If the cipher parameter is configured, the password is displayed in cipher text.
If the same password is configured on both ends, the two ends adopt the same password for communication.
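
The calculation and check described in the answer above, written out as an added example (not Huawei code and not part of the original answer). It follows the TCP MD5 signature option of RFC 2385, which BGP MD5 authentication uses; the addresses, ports, sequence numbers and password are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

MD5_OPT_PREFIX = b"\x01\x01\x13\x12"  # NOP, NOP, option kind 19, option length 18

def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password):
    """RFC 2385 digest: pseudo-header + fixed TCP header + data + password."""
    hdr_len = (tcp_header[12] >> 4) * 4  # data offset, options included
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, hdr_len + len(payload)))
    fixed = bytearray(tcp_header[:20])   # options are excluded from the digest
    fixed[16:18] = b"\x00\x00"           # checksum field is treated as zero
    return hashlib.md5(pseudo + bytes(fixed) + payload + password).digest()

def build_segment(src_ip, dst_ip, sport, dport, seq, ack, payload, password):
    """Sender: return a 40-byte TCP header carrying the MD5 signature option."""
    # 20 fixed bytes + 2 NOP + 18-byte option = 40 bytes, so data offset is 10
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 10 << 4, 0x18, 16384, 0, 0)
    header = fixed + MD5_OPT_PREFIX + bytes(16)
    digest = tcp_md5_digest(src_ip, dst_ip, header, payload, password)
    return fixed + MD5_OPT_PREFIX + digest

def verify_segment(src_ip, dst_ip, tcp_header, payload, password):
    """Receiver: True only if option 19 is present and its digest matches."""
    opts = tcp_header[20:(tcp_header[12] >> 4) * 4]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                    # end of option list
            break
        if kind == 1:                    # NOP padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            return False                 # malformed option: drop
        if kind == 19 and opts[i + 1] == 18:
            expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password)
            return hmac.compare_digest(opts[i + 2:i + 18], expected)
        i += opts[i + 1]
    return False                         # unsigned segment on a protected session: drop

# Constructed sample: a BGP KEEPALIVE between two documentation addresses
KEEPALIVE = b"\xff" * 16 + b"\x00\x13\x04"
PEER_A, PEER_B, PASSWORD = "192.0.2.1", "192.0.2.2", b"constructed-password"
SIGNED = build_segment(PEER_A, PEER_B, 50000, 179, 1000, 2000, KEEPALIVE, PASSWORD)
FORGED_RST = struct.pack("!HHIIBBHHH", 50000, 179, 1000, 0, 5 << 4, 0x04, 0, 0, 0)
```

A reset injected without the password (FORGED_RST) carries no valid option 19, so the receiver drops it instead of tearing down the BGP session.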

Other related questions:
What is the function of BGP MD5 authentication, and what are functions of simple and cipher parameters
Border Gateway Protocol (BGP) message digest algorithm 5 (MD5) authentication sets MD5 authentication passwords for Transmission Control Protocol (TCP) connections to prevent TCP attacks. The parameters simple and cipher in the peer { group-name | ipv4-address } password { cipher cipher-password | simple simple-password } command only affect password display. The simple parameter indicates that the password is displayed in plain text. The cipher parameter indicates that the password is displayed in cipher text.

Does an S series switch support BGP
BGP support varies depending on the S series switch model, as listed below (until V200R008):
- S7700/S9700/S12700: supported
- S9300: supported
- S6720EI: supported
- S6700EI: supported
- S5720HI: supported
- S5710HI: supported
- S5700HI: supported
- S5720EI: supported
- S5710EI: supported
- S5700EI: supported
- S5720SI/S5720S-SI: supported
- S5700SI: not supported
- S5710LI: not supported
- S5700LI: not supported
- S5700S-LI: not supported
- S3700HI: supported
- S3700EI: supported
- S3700SI: not supported
- S2750EI: not supported
- S2720EI: not supported
- S2700EI: not supported
- S2710SI: not supported
- S2700SI: not supported
- S1720: not supported

BGP4+ support varies depending on the S series switch model, as listed below (until V200R008):
- S7700/S9700/S12700: supported
- S9300: supported
- S6720EI: supported
- S6700EI: supported (V200R001 and later)
- S5720HI: supported
- S5710HI: supported
- S5700HI: supported (V200R001 and later)
- S5720EI: supported
- S5710EI: supported
- S5700EI: supported (V200R001 and later)
- S5720SI/S5720S-SI: supported
- S5700SI: not supported
- S5710LI: not supported
- S5700LI: not supported
- S5700S-LI: not supported
- S3700HI: supported (V200R001 and later)
- S3700EI: not supported
- S3700SI: not supported
- S2750EI: not supported
- S2720EI: not supported
- S2700EI: not supported
- S2710SI: not supported
- S2700SI: not supported
- S1720: not supported

What is the value range of the AS number for BGP on S series switches
The value range of the BGP AS number varies according to the versions of S series switches.
1. V100R002 and earlier versions: The value is an integer that ranges from 1 to 65535.
2. V100R003 to V200R001: The value can contain either two bytes or four bytes. A 2-byte AS number is in the x format. Here, "x" is an integer ranging from 1 to 65535. A 4-byte AS number is in the x.y format. Here, "x" and "y" are integers ranging from 1 to 65535 and 0 to 65535 respectively.
3. V200R002 and later versions: The value can contain either two bytes or four bytes. A 2-byte AS number is in the x format. Here, "x" is an integer ranging from 1 to 4294967295. A 4-byte AS number is in the x.y format. Here, "x" and "y" are integers ranging from 1 to 65535 and 0 to 65535 respectively.

Note: You can type bgp ? in the system view in any version to display the specific value range. The following takes V200R007 as an example:
    [SwitchA] bgp ?
      INTEGER<1-4294967295>  AS number in asplain format (number<1-4294967295>)
      STRING<3-11>           AS number in asdot format (number<1-65535>.number<0-65535>)

Does the switch support OSPF MD5 authentication on an interface
For example, if interface Vlanif10 of SwitchA and interface Vlanif20 of SwitchB are on the same network segment, perform these steps to configure OSPF MD5 authentication:
    # Configure SwitchA.
    system-view
    [SwitchA] interface vlanif 10
    [SwitchA-Vlanif10] ospf authentication-mode md5
    # Configure SwitchB.
    system-view
    [SwitchB] interface vlanif 20
    [SwitchB-Vlanif20] ospf authentication-mode md5

How to configure BGP to import routes for S series switches
Background
BGP itself cannot discover routes. Therefore, it needs to import other protocol routes, such as IGP routes, to the BGP routing table. In this manner, these imported routes can be transmitted within an AS or between ASs. BGP imports routes in either of the following ways:
- In import mode, BGP imports routes according to protocol types, such as RIP routes, OSPF routes, and IS-IS routes. To ensure validity of imported IGP routes, BGP can also import static routes and direct routes in import mode.
- In network mode, BGP imports routes in an IP routing table one by one, making it more precise than the import mode.

Procedure
Import mode:
    [HUAWEI] bgp 100
    [HUAWEI-bgp] ipv4-family unicast  //The IPv4 address family view is displayed. You can also enter other views as required.
    [HUAWEI-bgp-af-ipv4] import-route static  //Importing static routes is taken as an example. Importing routes of other protocols is similar.
(Optional) Run the default-route import command to allow BGP to import the default route that already exists in the local IP routing table. By default, BGP does not add default routes to the BGP routing table.
Network mode:
    [HUAWEI] bgp 100
    [HUAWEI-bgp] ipv4-family unicast  //The IPv4 address family view is displayed. You can also enter other views as required.
    [HUAWEI-bgp-af-ipv4] network 192.168.100.0 24  //Advertise routes to network segment 192.168.100.0 24.

Precaution
The network command is used to advertise exactly matched routes, that is, routes whose destination addresses and prefix lengths exactly match the entries in the local routing table. If the network mask is not specified, routes are exactly matched according to the natural network segment. When using the undo network command to clear the existing configuration, you need to specify the correct mask.
