(Optional) Configuring the Authentication Mode for DLDP Packets
Context
To ensure packet validity on an insecure network, users can configure one of the following authentication modes for DLDPDUs.
Authentication Mode |
Description |
|---|---|
Non-authentication mode |
The sender sets the authentication key of the DLDPDUs to all 0s and the authentication type field to 0. The receiver compares the authentication key and authentication type with those set on the local end. If the settings on the two ends are different, the receiver discards the DLDPDUs. |
Simple authentication mode |
The sender sets the authentication key of the DLDPDUs to the plain-text password set on the local end and the authentication type field to 1. The receiver compares the authentication key and authentication type with those set on the local end. If the settings on the two ends are different, the receiver discards the DLDPDUs. |
MD5 authentication mode |
The sender sets the authentication key of the DLDPDUs to the summary of the cipher text obtained from the password set on the local end using the MD5 algorithm, and sets the authentication type field to 2. The receiver compares the authentication key and authentication type with the summary of the cipher text obtained on the local end using the MD5 algorithm. If the settings on the two ends are different, the receiver discards the DLDPDUs. |
SHA authentication mode |
The sender sets the authenticator field of the DLDPDUs to the digest of the cipher text obtained from the password set on the local end using the SHA256 algorithm, and sets the authentication type field to 3. The receiver compares the authenticator and authentication type with the digest of the cipher text obtained on the local end using the SHA256 algorithm. If the settings on the two ends are different, the receiver discards the DLDPDUs. |
Procedure
- Run system-view
The system view is displayed.
- Run dldp authentication-mode { md5 md5-password | simple simple-password | sha sha-password | none }
The authentication mode is configured for DLDPDUs.
By default, the DLDPDUs are not authenticated.
The local and remote devices must use the same authentication mode and the authentication password; otherwise, the authentication fails. DLDP works properly only after the authentication succeeds.
For security purposes, you are advised to use SHA as the authentication algorithm of DLDP.