You can securely provide MD5
passwords during BGP peer-group create or update operations.
About this task
Configure BGP MD5 Authentication for Tenant BGP Peer and Configure BGP MD5 Authentication for Tenant BGP Peer-group present
instructions for providing an md5-password per BGP peer or peer-group during the BGP
peer or peer-group create and update operations.
This topic provides an additional method for doing so - in a secure manner - using
the --md5-password-prompt-enable=true
option in the efa tenant
service bgp peer create and efa tenant service bgp peer-group
create commands.
You are prompted to supply a password the same number of times as the number of BGP
peer or peer-group inputs you specify in the command. Then, you can choose to type
in a password, in which case, it is not shown. Alternatively, you can skip the input
of the password altogether by pressing Enter.
Note
You can choose to provide the
BGP peer or peer-group md5-password either in a secure manner (using the prompt)
or in an unsecure manner, as described in the topics referenced above, but not
both.
Procedure
-
Run the efa tenant service bgp peer
create command to create or update a BGP peer.
For
example:
efa tenant service bgp peer create --name bgp173-2501 --tenant tenant11
--ipv4-uc-nbr 10.20.246.6,v1:25.1.1.3,5901
--ipv4-uc-nbr-bfd 10.20.246.6,v1:25.1.1.3,true
--ipv6-uc-nbr 10.20.246.5,v1:25:1::3,5901
--ipv6-uc-nbr-bfd 10.20.246.5,v1:25:1::3,true
--md5-password-prompt-enable=true
The following output is
displayed:
Enter Md5 Password for 10.20.246.6::v1::25.1.1.3:
For
the first prompt, suppose you enter a password. It is not displayed on the
screen. You are prompted for the second
password:
Enter Md5 Password for 10.20.246.5::v1::25:1::3:
Suppose
that this time, you do not enter a password at all but press
Enter.
The following output is displayed:
BgpService created
successfully
.
-
Run the efa tenant service bgp
peer-group create command to create or update a BGP
peer-group.
For
example:
efa tenant service bgp peer-group create --tenant "tenant11" --name "v1-PeerGrp"
--pg-name 10.20.246.5:v1-PeerGrp --pg-asn 10.20.246.5,v1-PeerGrp:5200
--pg-bfd-enable 10.20.246.5,v1-PeerGrp:true
--pg-name 10.20.246.5:v3-PeerGrp --pg-asn 10.20.246.5,v3-PeerGrp:5201
--pg-bfd-enable 10.20.246.5,v3-PeerGrp:true
--pg-name 10.20.246.6:v1-PeerGrp --pg-asn 10.20.246.6,v1-PeerGrp:5200
--pg-bfd-enable 10.20.246.6,v1-PeerGrp:true
--pg-md5-password-prompt-enable=true
The following output is
displayed:
Enter Md5 Password for 10.20.246.5::v1-PeerGrp:
For
the first prompt, suppose you enter a password. It is not displayed on the
screen.
You are prompted for the second
password:
Enter Md5 Password for 10.20.246.5::v3-PeerGrp:
Suppose
you enter a password this time, too. It is not displayed on the
screen.
Now you are prompted a third
time:
Enter Md5 Password for 10.20.246.6::v1-PeerGrp:
Suppose
that this time, you do not type in a password at all but press
Enter.
The following output is displayed:
BgpService created
successfully
.