For Cisco IOS Software Release 12.0(13)S7

MPLS—LDP MD5 Global Configuration
Cisco IOS Release: Multiple releases
How to Configure the MPLS—LDP MD5 Global Configuration Feature
Perform the following tasks to configure the MPLS—LDP MD5 Global Configuration feature:
 (required)
 (optional)
Password Requirements for LDP Sessions
You might require password protection for a certain set of neighbors for security reasons (for example, 
to prevent LDP sessions being established with unauthorized peers, or to block spoofed TCP messages). 
To enforce this security, you can configure a password requirement for LDP sessions with those 
neighbors that must have MD5 protection (TCP session uses a password). 
If you configure a password requirement for a neighbor and you did not configure a password for the 
neighbor, LDP tears down the LDP sessions with the neighbor. LDP also tears down the LDP sessions 
with the neighbor if you configured a password requirement and a password and the password is not used 
in the LDP sessions.
If a password is required for a neighbor and the LDP sessions with the neighbor are established to use a 
password, any configuration that removes the password for the neighbor causes the LDP sessions to be 
torn down. 
To avoid unnecessary LDP session flapping, you should perform the task as described in this section and 
use caution when you change LDP passwords.
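The teardown rules above can be checked against a planned password change before it is applied. The following is an added example, not Cisco code or part of the original document: it encodes only the three rules stated in this section, and the class, field and function names, peer addresses and passwords are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class NeighborState:
    """Constructed model of one LDP neighbor (field names are assumptions)."""
    required: bool            # a password requirement covers this neighbor
    password: Optional[str]   # password configured for the neighbor, if any
    session_uses_md5: bool    # the established TCP session uses a password

def teardown_reason(state: NeighborState) -> Optional[str]:
    """Return why LDP tears the session down, or None if no stated rule applies."""
    if not state.required:
        return None  # this section states no teardown rule without a requirement
    if state.password is None:
        return "password required but none configured"
    if not state.session_uses_md5:
        return "password configured and required but not used in the session"
    return None

def change_impact(current: dict, planned: dict) -> dict:
    """Map each peer whose session the planned state tears down to the reason."""
    impact = {}
    for peer, after in planned.items():
        reason = teardown_reason(after)
        if reason is None:
            continue
        before = current.get(peer)
        # Third rule: an established MD5 session loses its password.
        if (before and before.required and before.password
                and before.session_uses_md5 and after.password is None):
            reason = "change removes the password from an established MD5 session"
        impact[peer] = reason
    return impact

# Constructed sample data: documentation addresses and placeholder passwords.
CURRENT = {
    "192.0.2.1": NeighborState(True, "example-pw-a", True),
    "192.0.2.2": NeighborState(False, None, False),
    "192.0.2.3": NeighborState(True, "example-pw-b", True),
}
PLANNED = {
    "192.0.2.1": NeighborState(True, None, True),             # password removed
    "192.0.2.2": NeighborState(True, "example-pw-c", False),  # requirement added
    "192.0.2.3": NeighborState(True, "example-pw-b", True),   # unchanged
}

if __name__ == "__main__":
    for peer, why in change_impact(CURRENT, PLANNED).items():
        print(f"{peer}: session torn down ({why})")
```
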
Identifying LDP Neighbors for LDP MD5 Password Protection
Perform the following task to identify LDP neighbors for LDP MD5 password protection.
Prerequisites
Before you start to configure passwords for LDP sessions, you must identify neighbors or groups of 
peers for which you want to provide MD5 protection. For example: 
- You might have several customers that all use the same core routers. To ensure security you might 
  want to provide each customer with a different password. 
- You could have defined several departmental VRFs in your network. You could provide password 
  protection for each VRF. 
- Certain groups of peers might require password protection for security reasons. Password protection 
  prevents unwanted LDP sessions.
Before you start to configure passwords for LDP sessions, you must identify neighbors or groups of 
peers for which you want to provide LDP MD5 password protection. This task uses the network in 
 to show how you might identify LDP neighbors for LDP MD5 protection. 
After you identify LDP neighbors or a group of peers for LDP MD5 protection, you must decide if 
password protection is mandatory and what password commands to use for each peer.