Configuring LDP Keychain Authentication - Huawei AR1200 Series Configuration Manual - MPLS

Huawei AR1200 Series Enterprise Routers
Configuration Guide - MPLS
CAUTION
Configuring LDP keychain authentication leads to reestablishment of an LDP session and deletes
the LSP associated with the LDP session.
----End

2.10.3 Configuring LDP Keychain Authentication

LDP keychain authentication can be configured to improve the security of a connection used by
an LDP session. LDP authentication is configured on LSRs at both ends of an LDP session.
Context
To help improve LDP session security, keychain authentication can be configured for a TCP
connection over which an LDP session has been established.
During keychain authentication, a group of passwords is defined in the format of a password
string, and each password is assigned a specified encryption and decryption algorithm, such as
MD5 or Secure Hash Algorithm 1 (SHA-1), and configured with a validity period. When sending
or receiving a packet, the system selects a valid password. Within the validity period of the
password, the system uses the encryption algorithm matching the password to encrypt the packet
before sending it out, or uses the decryption algorithm matching the password to decrypt the
packet before accepting it. In addition, the system automatically uses a new password after the
previous password expires, minimizing password decryption risks.
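The key selection and rollover described above, as an added example that is not taken from the Huawei manual: a Python model in which each key carries its own algorithm and validity period. The secrets and dates are constructed, and sending a key ID with an HMAC tag is an assumption made for illustration, not the router's packet format.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Key:
    key_id: int
    secret: bytes
    algorithm: str          # hashlib name, here "md5" or "sha1"
    valid_from: datetime
    valid_to: datetime

    def active(self, now):
        return self.valid_from <= now < self.valid_to

def select_key(keychain, now):
    """Return the valid key with the latest start time, or None if none is valid."""
    live = [k for k in keychain if k.active(now)]
    return max(live, key=lambda k: k.valid_from) if live else None

def sign(keychain, payload, now):
    """Sender side: tag the payload with the currently valid key."""
    key = select_key(keychain, now)
    if key is None:
        raise LookupError("no valid key at send time")
    return key.key_id, hmac.new(key.secret, payload, key.algorithm).digest()

def verify(keychain, payload, key_id, tag, now):
    """Receiver side: accept only if the named key is valid now and the tag matches."""
    for key in keychain:
        if key.key_id == key_id and key.active(now):
            expected = hmac.new(key.secret, payload, key.algorithm).digest()
            return hmac.compare_digest(expected, tag)
    return False

# Constructed sample keychain: key 1 (MD5) hands over to key 2 (SHA-1) at T1.
MINUTE = timedelta(minutes=1)
T0 = datetime(2024, 1, 1)
T1 = T0 + timedelta(days=30)
T2 = T1 + timedelta(days=30)
KEYCHAIN = [
    Key(1, b"sample-secret-one", "md5", T0, T1),
    Key(2, b"sample-secret-two", "sha1", T1, T2),
]
```

In this model a packet tagged just before the handover at T1 is rejected by a receiver that checks it after T1, which shows why the keys, their validity periods and the clocks must agree on the LSRs at both ends of the session.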
You can configure either LDP MD5 authentication or LDP keychain authentication based on
their separate characteristics:
- The MD5 algorithm is easy to configure and generates a single password which can be
  changed only manually. MD5 authentication applies to the network requiring short-period
  encryption.
- Keychain authentication involves a set of passwords and uses a new password when the
  previous one expires. Keychain authentication is complex to configure and applies to a
  network requiring high security.
NOTE
Keychain authentication and MD5 authentication cannot be both configured on a single LDP peer.
Before configuring LDP keychain authentication, configure keychain globally. For the detailed
configuration procedure, see the Huawei AR1200 Series Enterprise Routers Configuration
Guide - Security.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
mpls ldp
The MPLS-LDP view is displayed.
Issue 01 (2011-12-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 MPLS LDP Configuration
