Foundry Configuration Guide for the FESX, FSX, and FWSX
21 - 16 © Foundry Networks, Inc. December 2005
weight <num> specifies a weight the Layer 3 Switch will add to routes received from the specified neighbor.
BGP4 prefers larger weights over smaller weights. The default weight is 0.
Encryption of BGP4 MD5 Authentication Keys
When you configure a BGP4 neighbor or neighbor peer group, you can specify an MD5 authentication string for
authenticating packets exchanged with the neighbor or peer group of neighbors.
For added security, the software encrypts display of the authentication string by default. The software also
provides an optional parameter to disable encryption of the authentication string, on an individual neighbor or peer
group basis. By default, the MD5 authentication strings are displayed in encrypted format in the output of the
following commands:
• show running-config (or write terminal)
• show configuration
• show ip bgp config
When encryption of the authentication string is enabled, the string is encrypted in the CLI regardless of the access
level you are using.
If you display the running-config after reloading, the BGP4 commands that specify an authentication string show
the string in encrypted form.
In addition, when you save the configuration to the startup-config file, the file contains the new BGP4 command
syntax and encrypted passwords or strings.
NOTE: Foundry recommends that you save a copy of the startup-config file for each Layer 3 Switch you plan to
upgrade.
Encryption Example
The following commands configure a BGP4 neighbor and a peer group, and specify MD5 authentication strings
(passwords) for authenticating packets exchanged with the neighbor or peer group.
Here is how the commands appear when you display the BGP4 configuration commands:
Notice that the software has converted the commands that specify an authentication string into the new syntax
(described below), and has encrypted display of the authentication strings.
Command Syntax
Since the default behavior does not affect the BGP4 configuration itself but does encrypt display of the
authentication string, the CLI does not list the encryption options.
FESX424 Router(config-bgp-router)# local-as 2
FESX424 Router(config-bgp-router)# neighbor xyz peer-group
FESX424 Router(config-bgp-router)# neighbor xyz password abc
FESX424 Router(config-bgp-router)# neighbor 10.10.200.102 peer-group xyz
FESX424 Router(config-bgp-router)# neighbor 10.10.200.102 password test
FESX424 Router(config-bgp-router)# show ip bgp config
Current BGP configuration:
router bgp
local-as 2
neighbor xyz peer-group
neighbor xyz password 1 $!2d
neighbor 10.10.200.102 peer-group xyz
neighbor 10.10.200.102 remote-as 1
neighbor 10.10.200.102 password 1 $on-o
To Next Page
Loading...
Need help?
General
