Step 1 |
configure terminal
Example:
switch# configure terminal
switch(config)# |
Enters global configuration mode. |
Step 2 |
ip prefix-list prefix-list permit network/length
Example:
switch(config)# ip prefix-list p1 permit 10.0.0.0/32 |
Creates an IP prefix list and specifies the prefixes permitted by the prefix list. The prefix-list argument can be up to 63 characters. |
Step 3 |
key chain keychain-name
Example:
switch(config)# key chain KeyChain1
switch(config-keychain)# |
Identifies a group of authentication keys and enters keychain configuration mode. |
Step 4 |
key key-id
Example:
switch(config-keychain)# key 1
switch(config-keychain-key)# |
Identifies an authentication key on a keychain and enters keychain key configuration mode. The key-id argument must be a numeral from 0 to 65535. |
Step 5 |
key-string key
Example:
switch(config-keychain-key)# key-string pwd1 |
Specifies the authentication string for a key. The string argument can be from 1 to 80 uppercase or lowercase alphanumeric characters. The first character cannot be a numeral.
Note: If you plan to configure a fallback keychain in Step 13, repeat Steps 3 through 5 to configure a backup keychain. |
Step 6 |
accept-lifetime { start-time | local start-time } { duration seconds | end-time | infinite }
Example:
switch(config-keychain-key)# accept-lifetime 10:00:00 Jan 13 2010 10:00:00 Jun 13 2010 |
Specifies the time period during which the authentication key on a keychain can be used for verifying incoming TCP segments. The start-time argument identifies the time to start, and the local start-time argument identifies the time to start in the local time zone. Both arguments have the same parameters:
- hh:mm:ss is the time format.
- Enter the day of the month, from 1 to 31.
- Enter the name of the month.
- Enter the year from the present to 2035.
Note: The time reference depends on the clock time zone configuration on the router. If it is configured, the local time zone is used (for example, EST or PST).
Once the start time is entered, select from the following:
- The duration keyword sets the key lifetime duration in seconds.
- The end-time argument sets the time to stop. These parameters are the same as those used for the start-time argument.
- The infinite keyword allows the accept-lifetime period to never expire.
Note: If no accept-lifetime value is defined, the associated receive password is valid for authenticating incoming TCP segments. |
Step 7 |
send-lifetime { start-time | local start-time } { duration seconds | end-time | infinite }
Example:
switch(config-keychain-key)# send-lifetime 10:00:00 Jan 13 2010 10:00:00 Jun 13 2010 |
Specifies the time period during which the authentication key on a keychain can be used for authenticating outgoing TCP segments. The start-time argument identifies the time to start, and the local start-time argument identifies the time to start in the local time zone. Both arguments have the same parameters:
- hh:mm:ss is the time format.
- Enter the day of the month, from 1 to 31.
- Enter the name of the month.
- Enter the year from 1993 to 2035.
Note: The time reference depends on the clock time zone configuration on the router. If it is configured, the local time zone is used (for example, EST or PST).
Once the start time is entered, select from the following:
- The duration keyword sets the send lifetime duration in seconds.
- The end-time argument sets the time to stop. These parameters are the same as those used for the start-time argument.
- The infinite keyword allows the send lifetime period to never expire.
Note: If no send-lifetime value is defined, the associated send password is valid for authenticating outgoing TCP segments. |
Step 8 |
exit
Example:
switch(config-keychain-key)# exit
switch(config-keychain)# |
Exits keychain key configuration mode. |
Step 9 |
exit
Example:
switch(config-keychain)# exit
switch(config)# |
Exits keychain configuration mode. |
Step 10 |
mpls ldp configuration
Example:
switch(config)# mpls ldp configuration
switch(config-ldp)# |
Enters LDP configuration mode. |
Step 11 |
password required [ for prefix-list ]
Example:
switch(config-ldp)# password required for p1 |
(Optional) Specifies that LDP must use a password when establishing a session between LDP peers. The for prefix-list keyword-argument pair names a prefix list, which specifies that a password is mandatory only for LDP sessions with neighbors whose LDP router IDs are permitted by the list. |
Step 12 |
password option number for prefix-list key-chain keychain-name
Example:
switch(config-ldp)# password option 25 for p1 key-chain KeyChain1 |
Configures an MD5 password for LDP sessions with neighbors whose LDP router IDs are permitted by a specified prefix list.
- The number argument defines the order in which the prefix lists are evaluated in the determination of a neighbor password. The valid range is from 1 to 32767.
- The for prefix-list keyword-argument pair specifies the name of the prefix list that includes the LDP router IDs of those neighbors for which the password applies.
- The key-chain keychain-name keyword-argument pair specifies a keychain of multiple MD5 keys to be used for the specified LDP sessions.
|
Step 13 |
password fallback key-chain keychain-name
Example:
switch(config-ldp)# password fallback key-chain KeyChainBackup |
(Optional) Configures a backup MD5 keychain for peers that have no keychain configured in Step 12. The key-chain keychain-name keyword-argument pair specifies a keychain of multiple MD5 keys to be used for the LDP sessions. |
Step 14 |
show mpls ldp neighbor [ ip-address | interface slot/port ] [ detail ]
Example:
switch(config-ldp)# show mpls ldp neighbor detail |
(Optional) Displays the status of LDP sessions.
- The ip-address argument identifies the neighbor with the IP address for which password protection is configured.
- The interface argument lists the LDP neighbors accessible over this interface.
- The detail keyword displays password information for this neighbor. Here are the items displayed:
  – An indication as to whether a password is mandatory for this neighbor (required or not required).
  – The password source (neighbor, fallback, or option number).
  – An indication as to whether the latest configured password or keychain for this neighbor is used by the TCP session (in use) or the TCP session uses an old password or keychain (stale). A keychain is always considered stale when compared with a simple password, even when the keychain may at the moment lead to using the same simple password. |
Step 15 |
copy running-config startup-config
Example:
switch(config-ldp)# copy running-config startup-config |
(Optional) Copies the running configuration to the startup configuration. |
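Key rollover depends on the accept and send lifetimes from Steps 6 and 7 lining up across the keys of a keychain. The following Python audit is an added example, not Cisco code: it parses only the lifetime forms shown in those steps, the finding names are hypothetical, and the send-outside-accept check assumes the peer is configured with the same keychain.

```python
import re
from datetime import datetime, timedelta
# Constructed keychain in the syntax of Steps 3-7 (not taken from a device).
SAMPLE = """\
key chain KeyChain1
  key 1
    key-string pwd1
    accept-lifetime 10:00:00 Jan 13 2010 10:00:00 Jun 13 2010
    send-lifetime 10:00:00 Jan 13 2010 10:00:00 Jun 13 2010
  key 2
    key-string pwd2
    accept-lifetime 10:00:00 Jul 1 2010 duration 86400
    send-lifetime local 10:00:00 Jul 1 2010 infinite
"""
TS = r"(\d\d:\d\d:\d\d \w{3} \d{1,2} \d{4})"
LIFE = re.compile(rf"(accept|send)-lifetime (?:local )?{TS} (?:duration (\d+)|infinite|{TS})$")
FMT = "%H:%M:%S %b %d %Y"
ALWAYS = (datetime.min, datetime.max)  # no lifetime defined: treated as always valid

def parse_keychain(text):
    """Return {key_id: {"accept": (start, end), "send": (start, end)}}."""
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"key (\d+)", line):
            cur = keys.setdefault(int(m.group(1)), {})
        elif cur is not None and (m := LIFE.match(line)):
            kind, start, dur, end = m.groups()
            t0 = datetime.strptime(start, FMT)
            t1 = datetime.strptime(end, FMT) if end else datetime.max  # max = infinite
            cur[kind] = (t0, t0 + timedelta(seconds=int(dur)) if dur else t1)
    return keys

def audit(keys):
    """Return (key_id, finding) pairs for lifetime settings that break key rollover."""
    out = []
    for kid, k in sorted(keys.items()):
        out += [(kid, f"no-{kind}-lifetime") for kind in ("accept", "send") if kind not in k]
        (a0, a1), (s0, s1) = k.get("accept", ALWAYS), k.get("send", ALWAYS)
        if s0 < a0 or s1 > a1:  # we would send with a key the mirrored peer rejects
            out.append((kid, "send-outside-accept"))
    sends = sorted(k.get("send", ALWAYS) + (kid,) for kid, k in keys.items())
    covered = datetime.min
    for i, (start, end, kid) in enumerate(sends):
        if i and covered < start:  # interval in which no key is valid for sending
            out.append((kid, "send-gap-before"))
        covered = max(covered, end)
    return out
```

On the constructed sample, audit(parse_keychain(SAMPLE)) reports that key 2 is sent beyond its accept window and that no send key is valid between the end of key 1 and the start of key 2.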