%LDP-4-PWD: MD5 protection is required!

MPLS LDP messages (discovery, session, advertisement, and notification messages) are exchanged between LDP peers through two channels:

  • LDP discovery messages are transmitted as User Datagram Protocol (UDP) packets to the well-known LDP port.
  • Session, advertisement, and notification messages are exchanged through a TCP connection established between two LDP peers.

The MPLS LDP—Lossless MD5 Session Authentication feature allows an LDP session to be password-protected without tearing down and reestablishing the LDP session.

Old Style

R2(config)#mpls ldp neighbor 1.1.1.1 password 123
R2(config)#!
R2(config)#interface Ethernet 1/0
R2(config-if)# ip address 192.168.1.2 255.255.255.0
R2(config-if)# mpls ip

New Style

R2(config)#access-list 99 permit 1.1.1.1
R2(config)#mpls ldp password required for 99
R2(config)#mpls ldp password option 1 for 99 key-chain KC
R2(config)#!
R2(config)#key chain KC
R2(config-keychain)#key 1
R2(config-keychain-key)# key-string password
R2(config-keychain-key)#!
%LDP-5-NBRCHG: LDP Neighbor 1.1.1.1:0 (1) is UP

The disadvantage of the old method is that when a new password is required for a session, the change requires the LDP session to be torn down. With this feature, new passwords can be implemented or changed without tearing down the existing LDP session.
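Both styles can be checked offline against saved configuration text. The Python auditor below is an added example, not part of the original post: for each LDP peer it reports whether a password is required and which statement supplies it. The function names, the constructed SAMPLE text, and the evaluation order (per-neighbor password first, then password options in ascending number) are assumptions.

```python
from ipaddress import IPv4Address as IP

# Constructed sample: one old-style neighbor password, one ACL/key-chain policy.
SAMPLE = """\
mpls ldp neighbor 1.1.1.1 password 123
access-list 99 permit 2.2.2.2
mpls ldp password required for 99
mpls ldp password option 1 for 99 key-chain KC
key chain KC
 key 1
  key-string password
"""

def parse(config):
    acls, chains, nbr_pw, required, options, chain = {}, set(), set(), [], [], None
    for w in (line.split() for line in config.splitlines()):
        if w[:1] == ["access-list"] and len(w) >= 4:
            a = ["0.0.0.0", "255.255.255.255"] if w[3] == "any" else w[3:5] + ["0.0.0.0"]
            acls.setdefault(w[1], []).append((w[2], int(IP(a[0])), int(IP(a[1]))))
        elif w[:2] == ["key", "chain"]:
            chain = w[2]
        elif w[:1] == ["key-string"] and chain:
            chains.add(chain)  # this chain has at least one key with a string
        elif w[:3] == ["mpls", "ldp", "neighbor"] and w[4:5] == ["password"]:
            nbr_pw.add(w[3])
        elif w[:4] == ["mpls", "ldp", "password", "required"]:
            required.append(w[5] if w[4:5] == ["for"] else None)  # None = all peers
        elif w[:4] == ["mpls", "ldp", "password", "option"]:
            options.append((int(w[4]), w[6], w[8] if w[7:8] == ["key-chain"] else None))
    return acls, chains, nbr_pw, required, options

def permits(acl, peer):  # first match wins; implicit deny at the end
    for action, net, wild in acl:
        if (int(IP(peer)) | wild) == (net | wild):
            return action == "permit"
    return False

def audit(config, peers):
    acls, chains, nbr_pw, required, options = parse(config)
    report = {}
    for peer in peers:
        must = any(a is None or permits(acls.get(a, []), peer) for a in required)
        # Assumption: per-neighbor password first, then options in ascending order.
        source = "neighbor password" if peer in nbr_pw else None
        for num, acl, kc in sorted(options):
            if source is None and permits(acls.get(acl, []), peer):
                flaw = "" if kc is None or kc in chains else " (no usable key)"
                source = f"option {num} " + ("password" if kc is None else f"key-chain {kc}") + flaw
        report[peer] = (must, source)
    return report
```

Each result is a pair (password required, password source); a source of None means no password statement covers that peer.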

A Networker Blog
