Dldp authentication mode, Dldp implementation – H3C Technologies H3C S7500E Series Switches User Manual
Page 56
6-6
DLDP authentication mode
You can prevent network attacks and illegal detect through DLDP authentication. Three DLDP
authentication modes exist, as described below.
z
Non-authentication. In this mode, the sending side sets the Authentication field and the
Authentication type field of DLDP packets to 0. The receiving side checks the values of the two
fields of received DLDP packets and drops the packets with the two fields conflicting with the
corresponding local configuration.
z
Plain text authentication. In this mode, before sending a DLDP packet, the sending side sets the
Authentication field to the password configured in plain text and sets the Authentication type field
to 1. The receiving side checks the values of the two fields of received DLDP packets and drops
the packets with the two fields conflicting with the corresponding local configuration.
z
MD5 authentication. In this mode, before sending a packet, the sending side encrypts the user
configured password using MD5 algorithm, assigns the digest to the Authentication field, and sets
the Authentication type field to 2. The receiving side checks the values of the two fields of
received DLDP packets and drops the packets with the two fields conflicting with the
corresponding local configuration.
DLDP implementation
1) On a DLDP-enabled link that is in up state, DLDP sends DLDP packets to the peer device and
processes the DLDP packets received from the peer device. DLDP packets sent vary with DLDP
lists DLDP states and the corresponding packets.
Table 6-4 DLDP packet types and DLDP states
DLDP state
Type of DLDP packets sent
Active
Advertisement packet with RSY tag
Advertisement
Normal Advertisement packet
Probe Probe
packet
Disable
Disable packet and then RecoverProbe packet
When a device transits from a DLDP state other than Inactive state or Disable state to Initial state, it
sends Flush packets.
2) A received DLDP packet is processed as follows.
z
In any of the three authentication modes, the packet is dropped if it fails to pass the
authentication.
z
The packet is dropped if the setting of the interval to send Advertisement packets it carries
conflicts with the corresponding local setting.
z
Other processes are as shown in
.