mpls ldp password required and related commands


Initial configuration

OSPF and LDP are enabled on all interfaces.

mpls ldp password required

iosv-3(config)#mpls ldp password required
iosv-3(config)#
*Jul 18 15:37:25.273: %LDP-5-NBRCHG: LDP Neighbor 1.1.1.1:0 (2) is DOWN (Session's MD5 password changed)
*Jul 18 15:37:25.274: %LDP-5-NBRCHG: LDP Neighbor 4.4.4.4:0 (4) is DOWN (Session's MD5 password changed)
iosv-3(config)#
*Jul 18 15:37:28.205: %LDP-4-PWD: MD5 protection is required for peer 4.4.4.4:0, no password configured
iosv-3(config)#do sh mpls ldp neighbor
    Peer LDP Ident: 10.10.10.10:0; Local LDP Ident 3.3.3.3:0
        TCP connection: 10.10.10.10.41170 - 3.3.3.3.646
        State: Oper; Msgs sent/rcvd: 21/20; Downstream
        Up time: 00:06:59
        LDP discovery sources:
          GigabitEthernet0/0, Src IP addr: 192.168.0.1
        Addresses bound to peer LDP Ident:
          192.168.1.1     192.168.2.1     192.168.0.1     10.10.10.10

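Every neighbor disappeared except iosv-0, which already had a password configured.

Packet capture

◎ The Hello exchange over UDP still works.
◎ In the TCP handshake, at the point where a SYN,ACK should come back, a RESET arrives instead, so the neighbor relationship cannot form.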

for ACL

iosv-3(config)#access-list 1 permit host 1.1.1.1
iosv-3(config)#mpls ldp password required for 1
iosv-3(config)#
*Jul 18 15:43:36.888: %LDP-5-NBRCHG: LDP Neighbor 1.1.1.1:0 (2) is DOWN (Session's MD5 password changed)
iosv-3(config)#
*Jul 18 15:43:41.422: %LDP-4-PWD: MD5 protection is required for peer 1.1.1.1:0, no password configured
iosv-3(config)#
iosv-3(config)#do sh mpls ldp neighbor
    Peer LDP Ident: 10.10.10.10:0; Local LDP Ident 3.3.3.3:0
        TCP connection: 10.10.10.10.41170 - 3.3.3.3.646
        State: Oper; Msgs sent/rcvd: 29/28; Downstream
        Up time: 00:14:05
        LDP discovery sources:
          GigabitEthernet0/0, Src IP addr: 192.168.0.1
        Addresses bound to peer LDP Ident:
          192.168.1.1     192.168.2.1     192.168.0.1     10.10.10.10     
    Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 3.3.3.3:0
        TCP connection: 4.4.4.4.34920 - 3.3.3.3.646
        State: Oper; Msgs sent/rcvd: 15/15; Downstream
        Up time: 00:01:51
        LDP discovery sources:
          GigabitEthernet0/1, Src IP addr: 172.16.1.2
        Addresses bound to peer LDP Ident:
          172.16.1.2      4.4.4.4    

A password is required only for the neighbors specified by the ACL.
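The console messages above are enough to tell which peers a "password required" change has cut off. The following Python sketch is an added example, not part of the original post: it parses the %LDP-5-NBRCHG and %LDP-4-PWD lines shown on this page and reports each affected peer. The function name, the status labels and the handling of an "is UP" message (that line format is assumed, since the page only shows DOWN events) are assumptions of this example.

```python
import re

# Log lines copied from the iosv-3 console output on this page.
SAMPLE_LOG = """\
*Jul 18 15:37:25.273: %LDP-5-NBRCHG: LDP Neighbor 1.1.1.1:0 (2) is DOWN (Session's MD5 password changed)
*Jul 18 15:37:25.274: %LDP-5-NBRCHG: LDP Neighbor 4.4.4.4:0 (4) is DOWN (Session's MD5 password changed)
*Jul 18 15:37:28.205: %LDP-4-PWD: MD5 protection is required for peer 4.4.4.4:0, no password configured
"""

NBRCHG = re.compile(
    r"%LDP-5-NBRCHG: LDP Neighbor (\S+) \(\d+\) is (UP|DOWN)(?: \((.*)\))?"
)
PWD = re.compile(
    r"%LDP-4-PWD: MD5 protection is required for peer (\S+), no password configured"
)


def triage(log_text):
    """Return {ldp_id: status} for peers affected by the MD5 requirement.

    Status labels (hypothetical, chosen for this example):
      down-md5-change     - session torn down by a password change
      blocked-no-password - peer is being refused: no password configured
    """
    state = {}
    for line in log_text.splitlines():
        m = NBRCHG.search(line)
        if m:
            peer, direction, reason = m.groups()
            if direction == "UP":
                # Assumed line format; a recovered session clears the peer.
                state.pop(peer, None)
            elif reason and "MD5 password" in reason:
                state[peer] = "down-md5-change"
            continue
        m = PWD.search(line)
        if m:
            state[m.group(1)] = "blocked-no-password"
    return state


if __name__ == "__main__":
    for peer, status in sorted(triage(SAMPLE_LOG).items()):
        print(f"{peer}\t{status}")
```

Run against a syslog export before and after the change window; any peer still listed afterwards needs a matching password on both ends, or an ACL that excludes it, before its session can re-form.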
