Configure BGP MD5 Authentication for Tenant BGP Peer and Peer-group Securely

You can securely provide MD5 passwords during BGP peer-group create or update operations.

About this task

Configure BGP MD5 Authentication for Tenant BGP Peer and Configure BGP MD5 Authentication for Tenant BGP Peer-group present instructions for providing an md5-password per BGP peer or peer-group during the BGP peer or peer-group create and update operations.

This topic provides an additional method for doing so - in a secure manner - using the --md5-password-prompt-enable=true option in the efa tenant service bgp peer create and efa tenant service bgp peer-group create commands.

You are prompted to supply a password the same number of times as the number of BGP peer or peer-group inputs you specify in the command. Then, you can choose to type in a password, in which case, it is not shown. Alternatively, you can skip the input of the password altogether by pressing Enter.

Note

Note

You can choose to provide the BGP peer or peer-group md5-password either in a secure manner (using the prompt) or in an unsecure manner, as described in the topics referenced above, but not both.

Procedure

  1. Run the efa tenant service bgp peer create command to create or update a BGP peer.
    For example:
    efa tenant service bgp peer create --name bgp173-2501 --tenant tenant11 
                           --ipv4-uc-nbr 10.20.246.6,v1:25.1.1.3,5901 
                           --ipv4-uc-nbr-bfd 10.20.246.6,v1:25.1.1.3,true 
                           --ipv6-uc-nbr 10.20.246.5,v1:25:1::3,5901 
                           --ipv6-uc-nbr-bfd 10.20.246.5,v1:25:1::3,true 
                           --md5-password-prompt-enable=true
    
    The following output is displayed:
    Enter Md5 Password for 10.20.246.6::v1::25.1.1.3:
          
    For the first prompt, suppose you enter a password. It is not displayed on the screen. You are prompted for the second password:
    Enter Md5 Password for 10.20.246.5::v1::25:1::3:
          

    Suppose that this time, you do not enter a password at all but press Enter.

    The following output is displayed:

    BgpService created successfully.
  2. Run the efa tenant service bgp peer-group create command to create or update a BGP peer-group.
    For example:
    efa tenant service bgp peer-group create --tenant "tenant11" --name "v1-PeerGrp" 
                           --pg-name 10.20.246.5:v1-PeerGrp --pg-asn 10.20.246.5,v1-PeerGrp:5200 
                           --pg-bfd-enable 10.20.246.5,v1-PeerGrp:true 
                           --pg-name 10.20.246.5:v3-PeerGrp --pg-asn 10.20.246.5,v3-PeerGrp:5201 
                           --pg-bfd-enable 10.20.246.5,v3-PeerGrp:true 
                           --pg-name 10.20.246.6:v1-PeerGrp --pg-asn 10.20.246.6,v1-PeerGrp:5200 
                           --pg-bfd-enable 10.20.246.6,v1-PeerGrp:true 
                           --pg-md5-password-prompt-enable=true
    
    The following output is displayed:
    Enter Md5 Password for 10.20.246.5::v1-PeerGrp:
          
    For the first prompt, suppose you enter a password. It is not displayed on the screen.
    You are prompted for the second password:
    Enter Md5 Password for 10.20.246.5::v3-PeerGrp:
          

    Suppose you enter a password this time, too. It is not displayed on the screen.

    Now you are prompted a third time:
    Enter Md5 Password for 10.20.246.6::v1-PeerGrp:
          

    Suppose that this time, you do not type in a password at all but press Enter.

    The following output is displayed:

    BgpService created successfully.