Configuring ldp md5 authentication – H3C Technologies H3C S7500E Series Switches User Manual

2-20

To do…

Use the command…

Remarks

Set the maximum hop count

hops-count hop-number

Optional

32 by default

Set the maximum path vector

length

path-vectors pv-number

Optional

32 by default

z

The loop detection modes configured on two LDP peers must be the same. Otherwise, the LDP
session cannot be established.

z

To implement loop detection in an MPLS domain, you need to enable loop detection on every
LSR in the MPLS domain.

z

You need to configure loop detection before enabling LDP capability on any interface.

z

All loop detection configurations take effect for only the LSPs established after the configurations.
Changing the loop detection configurations does not affect existing LSPs. You can execute the

reset mpls ldp

command in user view, so that the loop detection configurations can take effect

for all LSPs.

z

As LDP loop detection may result in LSP update, which will generate redundant information and
consume many system resources, it is recommended to use the routing loop detection methods.

Configuring LDP MD5 Authentication

LDP sessions are established based on TCP connections. To improve the security of LDP sessions,
you can configure MD5 authentication for the underlying TCP connections, so that the TCP
connections can be established only if the peers have the same authentication password.

Follow these steps to configure LDP MD5 authentication:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter MPLS LDP view

mpls ldp

—

Enable LDP MD5 authentication

and set the password

md5-password

{ cipher | plain }

peer-lsr-id password

Required

Disabled by default

To establish an LDP session successfully between two LDP peers, make sure that the LDP MD5
authentication configurations on the LDP peers are consistent.