The md5-password command sets the password that is used for a TCP connection during the creation of an LDP session. The passwords on both ends of the TCP connection must be the same.
The undo md5-password command restores the default configuration.
By default, Message-Digest Algorithm 5 (MD5) authentication is disabled during the creation of an LDP session. Enabling MD5 authentication is recommended to ensure system security.
md5-password { plain | cipher } peer-lsr-id password
undo md5-password [ plain | cipher ] peer-lsr-id
| Parameter | Description | Value |
|---|---|---|
| plain | Displays the password in plaintext. | - |
| cipher | Displays the password in cipher text. | - |
| peer-lsr-id | Specifies the label switching router (LSR) ID of the peer, which identifies the peer LSR. | Expressed in dotted decimal notation |
| password | Specifies the password. | A string of characters, spaces not supported. For a plain password, the string is 1 to 255 characters. For an encrypted password, the string is 20 to 392 characters. NOTE: When double quotation marks are used around the string, spaces are allowed in the string. |
When configuring an authentication password, select cipher text mode. In plain text mode the password is saved in the configuration file in plaintext, which poses a high security risk. To ensure device security, change the password periodically.
Usage Scenario
MD5 authentication can be configured for a TCP connection over which an LDP session is established, improving security.
LDP MD5 authentication generates a unique digest for an information segment to prevent LDP packets from being modified. LDP MD5 authentication is stricter than common checksum verification for TCP connections.
A password can be set either in cipher text or plain text. A plain text password is a character string that is pre-configured and directly recorded in a configuration file. A cipher text password is a character string that is recorded in a configuration file after being encrypted using a specified algorithm.
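A saved-configuration audit for the plain text risk described above, as an added example that is not part of the original page or any vendor code: it flags md5-password entries stored in plain mode and reports only the password length, never the password. It assumes saved configuration lines use the same syntax as the command; the sample configuration and the name audit_ldp_md5 are constructed for illustration.

```python
import ipaddress
import re

# Command form from this page: md5-password { plain | cipher } peer-lsr-id password
# Assumption: saved configuration files record the line in the same form.
LINE_RE = re.compile(r"^\s*md5-password\s+(plain|cipher)\s+(\S+)\s+(.+?)\s*$")

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
mpls ldp
 md5-password plain 2.2.2.2 Example-Pass1
 md5-password cipher 3.3.3.3 CONSTRUCTED_CIPHERTEXT_PLACEHOLDER_01
 md5-password plain 5.5.5.5 "two words"
mpls ldp vpn-instance vpn1
 md5-password cipher 4.4.4.4 CONSTRUCTED_CIPHERTEXT_PLACEHOLDER_02
"""


def audit_ldp_md5(config_text):
    """Return (line, view, peer, issue) tuples; secrets are never included."""
    findings = []
    view = None
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        if line.startswith("mpls ldp"):
            view = line.strip()  # remember which LDP view the entries belong to
            continue
        match = LINE_RE.match(line)
        if not match:
            continue
        mode, peer, secret = match.groups()
        try:
            ipaddress.IPv4Address(peer)  # peer-lsr-id is dotted decimal
        except ValueError:
            findings.append((lineno, view, peer, "invalid peer-lsr-id"))
            continue
        if mode == "plain":
            # Double quotes only delimit a password that contains spaces.
            if len(secret) >= 2 and secret[0] == secret[-1] == '"':
                secret = secret[1:-1]
            issue = f"password stored in plaintext ({len(secret)} chars)"
            findings.append((lineno, view, peer, issue))
    return findings


if __name__ == "__main__":
    for finding in audit_ldp_md5(SAMPLE_CONFIG):
        print(finding)
```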
Prerequisites
MPLS LDP has been enabled globally using the mpls ldp command in the system view.
Precautions
# Configure the MD5 authentication for the establishment of an LDP session between the local router and peer router.
<sysname> system-view
[sysname] mpls ldp
[sysname-mpls-ldp] md5-password cipher 2.2.2.2 Huawei-123
[HUAWEI] mpls ldp vpn-instance vpn1
[HUAWEI-mpls-ldp-vpn-instance-vpn1] md5-password cipher 4.4.4.4 Huawei-123