Saturday 1 February 2020

LDP Authentication


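LDP sessions are TCP sessions, so an LDP session can easily be spoofed. To prevent this, we have LDP authentication. The same password must be configured on both neighbors: in the output below, R1 logs %TCP-6-BADAUTH after its own password is set because R2 has not been configured yet and its segments arrive without an MD5 digest.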

R1(config)#mpls ldp neighbor 2.2.2.2 password 0 CISCO

R1(config)#
*Dec 13 12:39:37.307: %TCP-6-BADAUTH: No MD5 digest from 2.2.2.2(32291) to 1.1.1.1(646)
R2(config)#mpls ldp neighbor 1.1.1.1 password 0 CISCO

R1#sh mpls ldp discovery
 Local LDP Identifier:
    1.1.1.1:0
    Discovery Sources:
    Interfaces:
        Serial1/2 (ldp): xmit/recv
            LDP Id: 2.2.2.2:0
    Targeted Hellos:
        1.1.1.1 -> 4.4.4.4 (ldp): passive, xmit/recv
            LDP Id: 4.4.4.4:0
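
To watch for the %TCP-6-BADAUTH message shown above across collected syslog, the following is an added example (not from the original post) that counts authentication failures per LDP peer. The function names and all sample lines except the first are constructed for illustration; the "Invalid MD5 digest" wording is the variant IOS logs when a digest is present but wrong.

```python
import re
from collections import defaultdict

LDP_PORT = 646  # LDP's TCP port, as seen in the post's log line

# Cisco IOS reports a missing or a wrong TCP MD5 digest with this message.
BADAUTH = re.compile(
    r"%TCP-6-BADAUTH: (?P<reason>No|Invalid) MD5 digest from "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) to (?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)

# First line is from the post; the remaining lines are constructed samples.
SAMPLE_LOG = [
    "*Dec 13 12:39:37.307: %TCP-6-BADAUTH: No MD5 digest from 2.2.2.2(32291) to 1.1.1.1(646)",
    "*Dec 13 12:39:41.112: %TCP-6-BADAUTH: No MD5 digest from 2.2.2.2(32291) to 1.1.1.1(646)",
    "*Dec 13 12:40:02.530: %TCP-6-BADAUTH: Invalid MD5 digest from 4.4.4.4(646) to 1.1.1.1(51544)",
    "*Dec 13 12:40:05.001: %TCP-6-BADAUTH: Invalid MD5 digest from 3.3.3.3(179) to 1.1.1.1(20011)",
    "*Dec 13 12:40:09.900: %LDP-5-NBRCHG: LDP Neighbor 2.2.2.2:0 (1) is UP",
]


def ldp_auth_failures(lines):
    """Count BADAUTH events per (sender, receiver) for segments on TCP/646."""
    hits = defaultdict(lambda: {"No": 0, "Invalid": 0})
    for line in lines:
        m = BADAUTH.search(line)
        if not m:
            continue
        # Other TCP MD5 users (e.g. BGP on 179) log the same message; skip them.
        if LDP_PORT not in (int(m["sport"]), int(m["dport"])):
            continue
        hits[(m["src"], m["dst"])][m["reason"]] += 1
    return dict(hits)


def classify(counts):
    """Map the failure kind to the most likely cause an operator should check."""
    if counts["Invalid"]:
        return "digest present but wrong: password mismatch or forged segment"
    return "no digest: password not configured on the sending peer"


if __name__ == "__main__":
    for (peer, local), counts in ldp_auth_failures(SAMPLE_LOG).items():
        print(f"{peer} -> {local}: {counts} ({classify(counts)})")
```
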
