Configuring Ldp Md5 Authentication; Configuring Ldp Label Filtering - HP 10500 SERIES Configuration Manual

Configuring LDP MD5 authentication

LDP sessions are established based on TCP connections. To improve the security of LDP sessions, you can
configure MD5 authentication for the underlying TCP connections, so that the TCP connections can be
established only if the peers have the same authentication password.
IMPORTANT:
To establish an LDP session successfully between two LDP peers, make sure their LDP MD5 authentication
settings are the same.
To configure LDP MD5 authentication:
Step
1. Enter system view.
2. Enter MPLS LDP view.
3. Enable LDP MD5
authentication and set the
password.

Configuring LDP label filtering

The LDP label filtering feature provides two mechanisms, label acceptance control for controlling which
labels are accepted and label advertisement control for controlling which labels are advertised. In
complicated MPLS network environments, you can use LDP label filtering to control which LSPs are to be
established dynamically and prevent devices from accepting and advertising excessive label bindings.
Label acceptance control
Label acceptance control is for filtering received label bindings. An upstream LSR filters the label
bindings received from the specified downstream LSR and accepts only those permitted by the specified
prefix list. As shown in
downstream device LSR B. Only if the destination address of an FEC matches the specified prefix list,
does LSR A accept the label binding of the FEC from LSR B. LSR A does not filter label bindings received
from downstream device LSR C.
Figure 19 Network diagram of label acceptance control
Command
system-view
mpls ldp
md5-password { cipher | plain }
peer-lsr-id password
Figure 19, upstream device LSR A filters the label bindings received from
68
Remarks
N/A
N/A
By default, LDP MD5
authentication is disabled.