2.10.2 Configuring LDP MD5 Authentication
LDP authentication protects the TCP connection that carries an LDP session. It must be configured on the LSRs at both ends of the session, with the same password on each.
Context
MD5 authentication can be configured for the TCP connection over which an LDP session is established, so that the peers authenticate each other and detect tampered segments. The two peers of a session may store the password in different modes (one in plaintext, the other in ciphertext), but the password itself must be identical on both ends; a mismatch prevents the session from being established.
LDP MD5 authentication computes a keyed MD5 digest over each TCP segment of the session using the shared password (the TCP MD5 Signature Option of RFC 2385, which RFC 5036 specifies for LDP). A segment that is modified in transit, or that is sent by a party without the password, fails verification at the receiver. This is stricter than the ordinary TCP checksum, which carries no secret and can be recomputed by anyone on the path.
You can configure either LDP MD5 authentication or LDP keychain authentication based on
their separate characteristics:
l MD5 authentication is simple to configure: it uses a single static password that can be changed only manually, and it provides integrity and peer authentication, not encryption of LDP traffic. It suits networks where one shared key used for a limited period is acceptable.
l Keychain authentication uses a set of passwords and switches to a new password when the previous one expires, so keys are rotated without operator intervention. It is more complex to configure and suits networks requiring high security.
NOTE
Keychain authentication and MD5 authentication cannot be both configured on a single LDP peer.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
mpls ldp
The MPLS-LDP view is displayed.
Step 3 Run:
md5-password { plain | cipher } peer-lsr-id password
MD5 authentication is configured and a password is set.
The password can be entered in either plaintext or cipher text. With plain, the password is written to the configuration file exactly as typed, where anyone who can view or export the configuration can read it. With cipher, the device encrypts the password with a specified algorithm before recording it in the configuration file. The two forms carry the same password; only its storage differs, so prefer cipher unless a readable configuration is required.
By default, LDP MD5 authentication is not performed between LDP peers.
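The complete procedure applied at both ends of one session, as a constructed example for this guide rather than output copied from a device: LSR IDs 1.1.1.1 and 2.2.2.2, host names LSRA and LSRB, and the password Ldp-Auth-2011 are assumed values. LSRA stores the password in plaintext and LSRB in ciphertext, which is permitted because the password string itself is identical.

```text
# LSRA (LSR ID 1.1.1.1) authenticates its peer 2.2.2.2; the password is stored in plaintext.
<LSRA> system-view
[LSRA] mpls ldp
[LSRA-mpls-ldp] md5-password plain 2.2.2.2 Ldp-Auth-2011
[LSRA-mpls-ldp] quit

# LSRB (LSR ID 2.2.2.2) authenticates its peer 1.1.1.1 with the same password,
# typed as the same plaintext string; the device encrypts it before writing the configuration file.
<LSRB> system-view
[LSRB] mpls ldp
[LSRB-mpls-ldp] md5-password cipher 1.1.1.1 Ldp-Auth-2011
[LSRB-mpls-ldp] quit

# Check on either end that the session with the peer comes up (state Operational)
# after both sides are configured.
[LSRA] display mpls ldp session
```

If the session stays down after both sides are configured, compare the passwords first: a typing difference on one end, or the peer-lsr-id pointing at the wrong LSR ID, leaves every segment failing digest verification and the TCP connection never completes.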
NOTE
The markers ^#^# and $@$@ are used as the prefix and suffix of variable-length ciphertext passwords. ^#^# marks a newly generated ciphertext password and $@$@ marks a ciphertext password carried over from an existing configuration. A ciphertext password cannot be configured with ^#^# or $@$@ at both its beginning and its end.
Huawei AR1200 Series Enterprise Routers
Configuration Guide - MPLS 2 MPLS LDP Configuration
Issue 01 (2011-12-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.