mpls ldp neighbor password
Initial setup
OSPF and LDP enabled on all interfaces
Directly connected
iosv-3(config)#mpls ldp neighbor 192.168.0.1 password ?
0 Specifies an UNENCRYPTED password will follow
7 Specifies a HIDDEN password will follow
LINE The UNENCRYPTED (cleartext) password
iosv-3(config)#mpls ldp neighbor 192.168.0.1 password cisco
iosv-3(config)#do sh run | sec mpls
mpls label protocol ldp
mpls ldp neighbor 192.168.0.1 password cisco <<stored as plaintext if no type is specified
mpls ldp explicit-null
mpls ip
mpls ip
iosv-3(config)#do sh mpls ldp neighbor 192.168.0.1 <<the neighbor is somehow up as usual
Peer LDP Ident: 192.168.2.1:0; Local LDP Ident 192.168.0.10:0
TCP connection: 192.168.2.1.38226 - 192.168.0.10.646
State: Oper; Msgs sent/rcvd: 90/86; Downstream
Up time: 01:08:52
LDP discovery sources:
GigabitEthernet0/0, Src IP addr: 192.168.0.1
Addresses bound to peer LDP Ident:
192.168.0.1 192.168.1.1 192.168.2.1
iosv-3(config)#do clear mpls ldp neighbor *
iosv-3(config)#
*Jul 18 13:26:07.376: %LDP-5-CLEAR_NBRS: Clear LDP neighbors (*) by console
*Jul 18 13:26:07.395: %LDP-5-NBRCHG: LDP Neighbor 192.168.2.1:0 (1) is DOWN (User cleared session manually)
*Jul 18 13:26:07.396: %LDP-5-NBRCHG: LDP Neighbor 172.16.1.2:0 (2) is DOWN (User cleared session manually)
iosv-3(config)#
*Jul 18 13:26:09.185: %LDP-5-NBRCHG: LDP Neighbor 192.168.2.1:0 (3) is UP <<iosv-0 (the router ID is chosen as the highest value, so 2.1)
iosv-3(config)#
*Jul 18 13:26:10.521: %LDP-5-NBRCHG: LDP Neighbor 172.16.1.2:0 (4) is UP
iosv-3(config)#
iosv-3#sh mpls ldp neighbor 192.168.0.1
Peer LDP Ident: 192.168.2.1:0; Local LDP Ident 192.168.0.10:0
TCP connection: 192.168.2.1.44867 - 192.168.0.10.646
State: Oper; Msgs sent/rcvd: 14/14; Downstream
Up time: 00:06:29
LDP discovery sources:
GigabitEthernet0/0, Src IP addr: 192.168.0.1
Addresses bound to peer LDP Ident:
192.168.0.1 192.168.1.1 192.168.2.1
Even after the clear, the neighbor does not go away.
Non-directly connected
iosv-3(config)#mpls ldp neighbor 192.168.1.10 targeted
iosv-3(config)#
*Jul 18 13:35:06.457: %LDP-5-NBRCHG: LDP Neighbor 192.168.1.10:0 (1) is UP
iosv-3(config)#mpls ldp neighbor 192.168.1.10 password cisco
iosv-3(config)#do sh run | sec mpls
mpls label protocol ldp
mpls ldp neighbor 192.168.0.1 password cisco
mpls ldp neighbor 192.168.1.10 password cisco
mpls ldp neighbor 192.168.1.10 targeted
mpls ldp explicit-null
mpls ip
mpls ip
iosv-3(config)#do clear mpls ldp neighbor *
iosv-3(config)#
*Jul 18 13:35:42.219: %LDP-5-CLEAR_NBRS: Clear LDP neighbors (*) by console
*Jul 18 13:35:42.243: %LDP-5-NBRCHG: LDP Neighbor 192.168.2.1:0 (3) is DOWN (User cleared session manually)
*Jul 18 13:35:42.244: %LDP-5-NBRCHG: LDP Neighbor 172.16.1.2:0 (4) is DOWN (User cleared session manually)
*Jul 18 13:35:42.245: %LDP-5-NBRCHG: LDP Neighbor 192.168.1.10:0 (1) is DOWN (User cleared session manually)
iosv-3(config)#
*Jul 18 13:35:42.575: %TCP-6-BADAUTH: No MD5 digest from 192.168.1.10(43263) to 192.168.0.10(646) tableid - 0
iosv-3(config)#
*Jul 18 13:35:44.592: %TCP-6-BADAUTH: No MD5 digest from 192.168.1.10(43263) to 192.168.0.10(646) tableid - 0
iosv-3(config)#
*Jul 18 13:35:45.717: %LDP-5-NBRCHG: LDP Neighbor 172.16.1.2:0 (1) is UP
*Jul 18 13:35:46.673: %LDP-5-NBRCHG: LDP Neighbor 192.168.2.1:0 (2) is UP
iosv-3(config)#
*Jul 18 13:35:48.580: %TCP-6-BADAUTH: No MD5 digest from 192.168.1.10(43263) to 192.168.0.10(646) tableid - 0
iosv-3(config)#
*Jul 18 13:35:56.561: %TCP-6-BADAUTH: No MD5 digest from 192.168.1.10(43263) to 192.168.0.10(646) tableid - 0b
iosv-3(config)#do sh mpls ldp neighbor 192.168.1.10 <<nothing is displayed
iosv-3(config)#
*Jul 18 13:36:16.390: %TCP-6-BADAUTH: No MD5 digest from 192.168.1.10(17480) to 192.168.0.10(646) tableid - 0
spoke1(config)#mpls ldp neighbor 192.168.0.10 password cisco <<comes up once the password is also set on the peer
spoke1(config)#
*Jul 17 03:32:32.077: %LDP-5-NBRCHG: LDP Neighbor 192.168.0.10:0 (2) is UP
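A non-directly-connected neighbor was created with mpls ldp neighbor targeted and a password was set. As expected, the neighbor went down, and log messages indicating that no password is set are output periodically.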
show mpls ldp neighbor detail
iosv-3#sh mpls ldp neighbor 192.168.2.1 detail
Peer LDP Ident: 192.168.2.1:0; Local LDP Ident 192.168.0.10:0
TCP connection: 192.168.2.1.14566 - 192.168.0.10.646
Password: not required, none, in use
State: Oper; Msgs sent/rcvd: 9/9; Downstream; Last TIB rev sent 8
Up time: 00:02:03; UID: 20; Peer Id 1;
LDP discovery sources:
GigabitEthernet0/0; Src IP addr: 192.168.0.1
holdtime: 15000 ms, hello interval: 5000 ms
Addresses bound to peer LDP Ident:
192.168.0.1 192.168.1.1 192.168.2.1
Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab
Capabilities Sent:
[Dynamic Announcement (0x0506)]
[Typed Wildcard (0x050B)]
Capabilities Received:
[Dynamic Announcement (0x0506)]
[Typed Wildcard (0x050B)]
iosv-3#sh mpls ldp neighbor 192.168.1.10 detail
Peer LDP Ident: 192.168.1.10:0; Local LDP Ident 192.168.0.10:0
TCP connection: 192.168.1.10.26343 - 192.168.0.10.646; MD5 on
Password: not required, neighbor, in use
State: Oper; Msgs sent/rcvd: 9/9; Downstream; Last TIB rev sent 8
Up time: 00:02:04; UID: 22; Peer Id 5;
LDP discovery sources:
Targeted Hello 192.168.0.10 -> 192.168.1.10, active, passive;
holdtime: infinite, hello interval: 10000 ms
Addresses bound to peer LDP Ident:
192.168.1.10
Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab
Clients: Dir Adj Client
Capabilities Sent:
[Dynamic Announcement (0x0506)]
[Typed Wildcard (0x050B)]
Capabilities Received:
[Dynamic Announcement (0x0506)]
[Typed Wildcard (0x050B)]
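Even though a password should be set, it shows "not required".
On CCO it shows "required". Well, CML is sloppy in places now and then (port-security is also missing some commands), so maybe that is why?
CCO has been properly verified, so I will accept it.
Addendum on the directly connected case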
iosv-3(config)#mpls ldp neighbor 10.10.10.10 password cisco
iosv-3(config)#do clear mpls ldp neighbor *
*Jul 18 15:29:16.669: %LDP-5-NBRCHG: LDP Neighbor 10.10.10.10:0 (5) is DOWN (User cleared session manually)
*Jul 18 15:29:21.486: %TCP-6-BADAUTH: No MD5 digest from 10.10.10.10(11111) to 3.3.3.3(646) tableid - 0
When specifying the neighbor, you must specify its router ID, not the peer's physical interface.
That is why the neighbor stayed up even after the password was set.
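An audit for the pitfall found above, as an added example that is not part of the original post: it cross-checks the mpls ldp neighbor ... password lines in the running config against show mpls ldp neighbor detail, flagging passwords keyed to an address that is not a peer LDP router ID and sessions that are up without "MD5 on". The function names and the abridged sample inputs are constructed for illustration, and only the global routing table (no vrf keyword) is assumed.

```python
import re

IP = r"\d+(?:\.\d+){3}"

# Constructed inputs, abridged from the outputs shown on this page.
RUNNING_CONFIG = """\
mpls ldp neighbor 192.168.0.1 password cisco
mpls ldp neighbor 192.168.1.10 password cisco
mpls ldp neighbor 192.168.1.10 targeted
"""
NEIGHBOR_DETAIL = """\
Peer LDP Ident: 192.168.2.1:0; Local LDP Ident 192.168.0.10:0
  TCP connection: 192.168.2.1.14566 - 192.168.0.10.646
  Addresses bound to peer LDP Ident:
    192.168.0.1 192.168.1.1 192.168.2.1
Peer LDP Ident: 192.168.1.10:0; Local LDP Ident 192.168.0.10:0
  TCP connection: 192.168.1.10.26343 - 192.168.0.10.646; MD5 on
  Addresses bound to peer LDP Ident:
    192.168.1.10
"""

def parse_neighbors(detail):
    """Map each peer router ID to its MD5 state and bound addresses."""
    peers, cur, in_addrs = {}, None, False
    for line in detail.splitlines():
        m = re.search(rf"Peer LDP Ident: ({IP}):\d+", line)
        if m:
            cur = peers.setdefault(m.group(1), {"md5": False, "addrs": set()})
            in_addrs = False
        elif cur is None:
            continue
        elif "TCP connection:" in line:
            cur["md5"] = "MD5 on" in line
        elif "Addresses bound to peer LDP Ident" in line:
            in_addrs = True
        elif in_addrs:
            # The address list ends at the first line that is not all IPs.
            tokens = line.split()
            in_addrs = bool(tokens) and all(re.fullmatch(IP, t) for t in tokens)
            if in_addrs:
                cur["addrs"].update(tokens)
    return peers

def audit(config, detail):
    """Flag passwords not keyed to a router ID and sessions without MD5."""
    peers = parse_neighbors(detail)
    findings = []
    for addr in sorted(set(re.findall(rf"^mpls ldp neighbor ({IP}) password", config, re.M))):
        if addr not in peers:
            # owner is the router ID that advertises addr, or None if no peer does.
            owner = next((rid for rid, p in peers.items() if addr in p["addrs"]), None)
            findings.append(("not-router-id", addr, owner))
    findings += [("no-md5", rid, None) for rid, p in sorted(peers.items()) if not p["md5"]]
    return findings
```

On the sample, the password for 192.168.0.1 is reported as belonging to peer 192.168.2.1, and the session to 192.168.2.1 is reported as running without MD5.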