md5-authentication

Use md5-authentication to enable LDP MD5 authentication.

Use undo md5-authentication to disable LDP MD5 authentication.

Syntax

md5-authentication peer-lsr-id { cipher | plain } string

undo md5-authentication peer-lsr-id

Default

LDP MD5 authentication is disabled.

Views

LDP view

LDP-VPN instance view

Predefined user roles

network-admin

Parameters

peer-lsr-id: Specifies the LSR ID of a peer.

cipher: Specifies a key in encrypted form.

plain: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.

string: Specifies the key. Its plaintext form is a case-sensitive string of 1 to 16 characters. Its encrypted form is a case-sensitive string of 1 to 53 characters.

Usage guidelines

To improve security for LDP sessions, you can configure MD5 authentication for the underlying TCP connections to check the integrity of LDP messages.

For the local LSR and the peer LSR to establish a TCP connection, they must have the same key.

MD5 authentication key settings take effect only on new LDP sessions. To apply the new settings to existing LDP sessions, you must reset the LDP sessions by using the reset mpls ldp command.

Examples

# Enable LDP MD5 authentication for peer 3.3.3.3 on the public network, and set a key of pass in plaintext form.

<Sysname> system-view
[Sysname] mpls ldp
[Sysname-ldp] md5-authentication 3.3.3.3 plain pass
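
The check below is an added example, not part of the vendor documentation or tooling. It validates planned md5-authentication commands for two LSRs against the syntax and key-length limits above and confirms that each side has an entry for the other with the same plaintext key. It assumes LSR IDs are dotted decimal and keys contain no whitespace, and it does not compare cipher-form strings; the function names and the LSR ID 1.1.1.1 are hypothetical.

```python
import ipaddress
import re

# Limits taken from the Parameters section of this page.
MAX_LEN = {"plain": 16, "cipher": 53}
CMD = re.compile(r"^md5-authentication\s+(\S+)\s+(cipher|plain)\s+(\S+)$")

def parse_plan(lines):
    """Return ({peer_lsr_id: (form, key)}, [errors]) for one LSR's planned commands."""
    peers, errors = {}, []
    for raw in lines:
        line = raw.strip()
        if not line.startswith("md5-authentication"):
            continue  # other commands in the plan are ignored
        m = CMD.match(line)
        if not m:
            errors.append(f"bad syntax: {line}")
            continue
        peer, form, key = m.groups()
        try:
            ipaddress.IPv4Address(peer)  # assumption: LSR IDs are dotted decimal
        except ValueError:
            errors.append(f"bad peer-lsr-id: {peer}")
            continue
        if not 1 <= len(key) <= MAX_LEN[form]:
            errors.append(f"{peer}: {form} key must be 1 to {MAX_LEN[form]} characters")
            continue
        peers[peer] = (form, key)
    return peers, errors

def check_pair(id_a, plan_a, id_b, plan_b):
    """Check that LSR A and LSR B are configured to authenticate each other."""
    peers_a, problems = parse_plan(plan_a)
    peers_b, errs_b = parse_plan(plan_b)
    problems += errs_b
    a_to_b, b_to_a = peers_a.get(id_b), peers_b.get(id_a)
    if a_to_b is None or b_to_a is None:
        problems.append("one side has no md5-authentication entry for the other")
    elif "cipher" in (a_to_b[0], b_to_a[0]):
        problems.append("cipher-form key not compared by this check")
    elif a_to_b[1] != b_to_a[1]:  # keys are case-sensitive
        problems.append("plaintext keys differ; the TCP connection will not establish")
    return problems

# Constructed plans for two LSRs (1.1.1.1 and 3.3.3.3); key case differs on purpose.
PLAN_A = ["mpls ldp", " md5-authentication 3.3.3.3 plain Pass"]
PLAN_B = ["mpls ldp", " md5-authentication 1.1.1.1 plain pass"]
if __name__ == "__main__":
    print(check_pair("1.1.1.1", PLAN_A, "3.3.3.3", PLAN_B))
```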

Related commands

display mpls ldp peer