
md5-password

Function

The md5-password command sets the password that is used by a TCP connection during the creation of an LDP session.

The undo md5-password command disables MD5 authentication.

By default, MD5 authentication is disabled during the creation of an LDP session.

Format

md5-password { plain | cipher } peer-lsr-id password

undo md5-password [ plain | cipher ] peer-lsr-id

Parameters

| Parameter | Description | Value |
|---|---|---|
| plain | Displays the password in plain text. NOTICE: If plain is selected, the password is saved in the configuration file in plain text. In this case, users at a lower level can easily obtain the password by viewing the configuration file. This brings security risks. Therefore, it is recommended that you select cipher to save the password in cipher text. | - |
| cipher | Displays the password in cipher text. | - |
| peer-lsr-id | Specifies the LSR ID of the peer, which identifies the peer LSR. | The value is in dotted decimal notation. |
| password | Specifies the password. | The value is a string of characters; spaces are not supported. For a plain password, the string is 1 to 255 characters. For an encrypted password, the string is 20 to 392 characters. When double quotation marks are used around the string, spaces are allowed in the string. |

Views

MPLS-LDP view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

MD5 authentication can be configured for the TCP connection over which an LDP session is established, which improves security. The two peers of an LDP session can use different encryption modes (plain or cipher text mode), but they must be configured with the same password.

LDP MD5 authentication generates a unique digest for an information segment to prevent LDP packets from being modified. LDP MD5 authentication is stricter than common checksum verification for TCP connections.

A password can be set either in cipher text or plain text. A plain text password is a character string that is pre-configured and directly recorded in a configuration file. A cipher text password is a character string that is recorded in a configuration file after being encrypted using a specified algorithm.

Prerequisites

MPLS LDP has been enabled globally using the mpls ldp command in the system view.

Precautions

  • MD5 authentication and keychain authentication cannot be configured together on one peer. Note that the MD5 algorithm cannot ensure security. Keychain authentication is recommended.

  • If the password on a peer changes, the LDP session is reestablished and the LSP associated with the original LDP session is deleted.
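
An audit sketch for the plain-text NOTICE and the parameter limits above, added here as an example and not Huawei's code: it parses md5-password lines under mpls ldp in a saved configuration and flags plain-text storage, out-of-range password lengths and malformed peer LSR IDs. The saved-configuration layout, the sample text and the name audit_md5_passwords are assumptions; cipher strings containing quotes or backslashes would need a stricter tokenizer.

```python
import ipaddress
import shlex

# Constructed sample; layout and cipher string are assumptions, not device output.
SAMPLE_CONFIG = """\
mpls ldp
 md5-password cipher 2.2.2.2 EXAMPLE-CIPHERTEXT-PLACEHOLDER
 md5-password plain 3.3.3.3 "lab secret"
 md5-password plain 4.4.4 x
"""

LENGTH_LIMITS = {"plain": (1, 255), "cipher": (20, 392)}  # from the Parameters table


def audit_md5_passwords(config_text):
    """Return (line_no, peer, issue) findings for md5-password lines."""
    findings = []
    in_ldp_view = False
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        if not raw.startswith(" "):  # an unindented line opens or leaves a view
            in_ldp_view = raw.strip() == "mpls ldp"
            continue
        if not in_ldp_view:
            continue
        try:
            tokens = shlex.split(raw)  # keeps a double-quoted password as one token
        except ValueError:
            findings.append((line_no, None, "unbalanced quotes"))
            continue
        if not tokens or tokens[0] != "md5-password":
            continue
        if len(tokens) != 4 or tokens[1] not in LENGTH_LIMITS:
            findings.append((line_no, None, "does not match the command format"))
            continue
        _, mode, peer, password = tokens
        try:
            ipaddress.IPv4Address(peer)  # LSR ID is in dotted decimal notation
        except ValueError:
            findings.append((line_no, peer, "peer-lsr-id is not dotted decimal"))
        low, high = LENGTH_LIMITS[mode]
        if not low <= len(password) <= high:
            findings.append((line_no, peer, f"{mode} password length outside {low}-{high}"))
        if mode == "plain":
            findings.append((line_no, peer, "password stored in plain text; use cipher"))
    return findings


if __name__ == "__main__":
    print(*audit_md5_passwords(SAMPLE_CONFIG), sep="\n")
```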

Example

# Configure the local node to perform MD5 authentication when it establishes an LDP session with its peer.

<HUAWEI> system-view
[HUAWEI] mpls ldp
[HUAWEI-mpls-ldp] md5-password cipher 2.2.2.2 Huawei-123
Copyright © Huawei Technologies Co., Ltd.