beautypg.com

Dldp authentication mode, Dldp implementation – H3C Technologies H3C S7500E Series Switches User Manual

Page 56

background image

6-6

DLDP authentication mode

You can prevent network attacks and illegal detect through DLDP authentication. Three DLDP

authentication modes exist, as described below.

z

Non-authentication. In this mode, the sending side sets the Authentication field and the

Authentication type field of DLDP packets to 0. The receiving side checks the values of the two

fields of received DLDP packets and drops the packets with the two fields conflicting with the

corresponding local configuration.

z

Plain text authentication. In this mode, before sending a DLDP packet, the sending side sets the

Authentication field to the password configured in plain text and sets the Authentication type field

to 1. The receiving side checks the values of the two fields of received DLDP packets and drops

the packets with the two fields conflicting with the corresponding local configuration.

z

MD5 authentication. In this mode, before sending a packet, the sending side encrypts the user

configured password using MD5 algorithm, assigns the digest to the Authentication field, and sets

the Authentication type field to 2. The receiving side checks the values of the two fields of

received DLDP packets and drops the packets with the two fields conflicting with the

corresponding local configuration.

DLDP implementation

1) On a DLDP-enabled link that is in up state, DLDP sends DLDP packets to the peer device and

processes the DLDP packets received from the peer device. DLDP packets sent vary with DLDP

states.

Table 6-4

lists DLDP states and the corresponding packets.

Table 6-4 DLDP packet types and DLDP states

DLDP state

Type of DLDP packets sent

Active

Advertisement packet with RSY tag

Advertisement

Normal Advertisement packet

Probe Probe

packet

Disable

Disable packet and then RecoverProbe packet

When a device transits from a DLDP state other than Inactive state or Disable state to Initial state, it

sends Flush packets.

2) A received DLDP packet is processed as follows.

z

In any of the three authentication modes, the packet is dropped if it fails to pass the

authentication.

z

The packet is dropped if the setting of the interval to send Advertisement packets it carries

conflicts with the corresponding local setting.

z

Other processes are as shown in

Table 6-5

.

This manual is related to the following products: