Configuring LDP MD5 authentication
LDP sessions are established based on TCP connections. To improve the security of LDP sessions, you can
configure MD5 authentication for the underlying TCP connections, so that the TCP connections can be
established only if the peers have the same authentication password.
IMPORTANT:
To establish an LDP session successfully between two LDP peers, make sure their LDP MD5 authentication
settings are the same.
To configure LDP MD5 authentication:
Step                                                    Command                                               Remarks
1. Enter system view.                                   system-view                                           N/A
2. Enter MPLS LDP view.                                 mpls ldp                                              N/A
3. Enable LDP MD5 authentication and set the password.  md5-password { cipher | plain } peer-lsr-id password  By default, LDP MD5 authentication is disabled.
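The following added example (not part of the original guide) models why both peers need the same password: LDP MD5 authentication relies on the TCP MD5 signature option (RFC 2385), and a receiver discards any segment whose digest it cannot reproduce with its own password. The addresses, passwords, segment values and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

LDP_PORT = 646        # TCP port used by LDP sessions
MD5_OPTION_LEN = 20   # 18-byte MD5 signature option (kind 19) padded to 20 bytes


def tcp_md5_digest(seg, password):
    """RFC 2385 digest: pseudo-header, TCP header without options
    (checksum taken as zero), segment data, then the password."""
    header_len = 20 + MD5_OPTION_LEN
    pseudo = struct.pack("!4s4sBBH",
                         socket.inet_aton(seg["src"]), socket.inet_aton(seg["dst"]),
                         0, socket.IPPROTO_TCP, header_len + len(seg["data"]))
    header = struct.pack("!HHIIBBHHH",
                         seg["sport"], seg["dport"], seg["seq"], seg["ack"],
                         (header_len // 4) << 4, seg["flags"], seg["window"],
                         0,   # checksum field is zeroed for the digest
                         0)   # urgent pointer
    return hashlib.md5(pseudo + header + seg["data"] + password.encode()).digest()


def verify_segment(seg, received_digest, local_password):
    """Receiver side: recompute with the locally configured password.
    A False result means the segment is dropped without any reply."""
    expected = tcp_md5_digest(seg, local_password)
    return hmac.compare_digest(expected, received_digest)


def sample_syn():
    """Constructed SYN from LSR A (192.0.2.1) to LSR B (192.0.2.2)."""
    return {"src": "192.0.2.1", "dst": "192.0.2.2", "sport": 50000,
            "dport": LDP_PORT, "seq": 1000, "ack": 0, "flags": 0x02,
            "window": 65535, "data": b""}


if __name__ == "__main__":
    syn = sample_syn()
    digest = tcp_md5_digest(syn, "Ldp-Key-1")   # password set on LSR A
    print("LSR B, same password:     ", verify_segment(syn, digest, "Ldp-Key-1"))
    print("LSR B, different password:", verify_segment(syn, digest, "Ldp-Key-2"))
```

Because the mismatching SYN is dropped without a reply, a password mismatch looks like an LDP session that never leaves its initial state rather than an explicit authentication error.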
Configuring LDP label filtering
The LDP label filtering feature provides two mechanisms: label acceptance control, which controls which
labels are accepted, and label advertisement control, which controls which labels are advertised. In
complicated MPLS network environments, you can use LDP label filtering to control which LSPs are
established dynamically and to prevent devices from accepting and advertising excessive label bindings.
Label acceptance control
Label acceptance control filters received label bindings. An upstream LSR filters the label
bindings received from the specified downstream LSR and accepts only those permitted by the specified
prefix list. As shown in Figure 19, upstream device LSR A filters the label bindings received from
downstream device LSR B. LSR A accepts the label binding of an FEC from LSR B only if the destination
address of the FEC matches the specified prefix list. LSR A does not filter label bindings received
from downstream device LSR C.
Figure 19 Network diagram of label acceptance control