â– mpls ldp igp sync holddown
â– mpls ldp sync
Configuring LDP MD5 Authentication
LDP MD5 authentication provides protection against spoofed TCP segments that can
be introduced into the connection streams for LDP sessions. Authentication is
configurable for both directly connected and targeted peers.
You configure a shared secret (password) on potential LDP peers. Any given pair of
peers must share the same password. When a peer sends a TCP segment to an LSR,
it uses the password and the segment to compute an MD5 digest that it sends along
with the segment.
When the LSR receives the segment, the LSR calculates its own version of the digest
using its instance of the password and the segment. The LSR validates the segment
if the local digest matches the received digest. If the comparison fails—for example,
if the password is not configured the same on both peers—the LSR drops the segment
and does not send a response to the peer.
You can optionally enable a strict authentication mode that allows only peers
configured with passwords to establish sessions. In this mode, LDP hello messages
from peers that have no password are ignored. If you do not configure strict
authentication, then peers that do not have configured passwords can establish
connections with each other.
If you configure LDP MD5 authentication or change the authentication password for
a peer while it is in an established LDP session, MPLS restarts that session.
To configure LDP MD5 authentication:
1. Set the password for an LDP peer.
host1(config)#mpls ldp neighbor 10.3.5.1 password rop23ers
2. (Optional) Set strict LDP authentication mode so that only peers with passwords
can establish LDP sessions.
host1(config)#mpls ldp strict-security
Related Topics â– Basic MPLS Configuration Tasks on page 268
â– Additional LDP Configuration Tasks on page 281
â– mpls ldp neighbor password
â– mpls ldp strict-security
Configuring LDP MD5 Authentication â– 285
Chapter 3: Configuring MPLS
To Next Page
Loading...
Need help?
General
