4000 Router Series MPLS Command Reference

[Sysname-ldp] maxhops 25

Related commands

• display mpls ldp parameter

• loop-detect

• pv-limit

md5-authentication

Use md5-authentication to enable LDP MD5 authentication.

Use undo md5- authentication to restore the default.

Syntax

md5-authentication peer-lsr-id { cipher | plain } password

undo md5-authentication peer-lsr-id

Default

LDP MD5 authentication is disabled.

Views

LDP view, LDP-VPN instance view

Predefined user roles

network-admin

Parameters

peer-lsr-id: Specifies the LSR ID of a peer.

cipher: Sets a ciphertext key.

plain: Sets a plaintext key.

password: Specifies a case-sensitive key string. If plain is specified, it must be a plaintext string of 1 to 16

characters. If cipher is specified, it must be a ciphertext string of 1 to 53 characters.

For security purposes, all keys, including keys configured in plain text, are saved in cipher text.

Usage guidelines

To improve security for LDP sessions, you can configure MD5 authentication for the underlying TCP

connections to check the integrity of LDP messages.

The local LSR and the peer LSR must have the same key. Otherwise, they cannot establish a TCP

connection.

After you change the MD5 authentication key, the local LSR uses the new key to re-establish an LDP

session with the specified peer.

Examples

# Enable LDP MD5 authentication for peer 3.3.3.3 in the public network, and set a plaintext key of pass.

<Sysname> system-view

[Sysname] mpls ldp

[Sysname-ldp] md5-authentication 3.3.3.3 plain pass