RE: mpls ldp authentication question !!

From: Sergey Golovanov (sergey.golovanov@iementor.com)
Date: Mon Mar 19 2007 - 20:29:20 ART

• Next message: Sergey Golovanov: "RE: OT: CCIE Salary - For people taking H1-B's - Listen"
• Previous message: Martin Kiefer: "RE: IEWB-RS Version 4 - Switch"
• Maybe in reply to: Dishan Gamage: "mpls ldp authentication question !!"
• Next in thread: hoon lee: "Re: mpls ldp authentication question !!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Is the ldp neighbor relationship the only requirement? Is tagging required? If not, you can turn off ldp on the interface on pe1 and pe2 (no mpls ip), and then configure two neighbors with a targeted session (mpls ldp neighbor x.x.x.x target) in addition to password command. This will prevent pe3 from establishing ldp session. But tagging won't work between pe1 and pe2. Labels will be exchanged but forwarding table will say 'untagged'.

Otherwise, if IOS supports it, use command that John mentioned earlier.

-------------------------
Sergey Golovanov, CCIEx5 (R&S/Security/Voice/Service Provider/Storage)
"Please, don't ask me for my ccie #, there are reasons why I can't release it"
ieMentor Instructor and Content Developer
www.iementor.com

-----Original Message-----
From: "Jian Gu" <guxiaojian@gmail.com>
To: "Robert McCallum" <RMcCallum@thrupoint.net>
Cc: "Dishan Gamage" <dishanlg@gmail.com>; "Cisco certification" <ccielab@groupstudy.com>; "Cisco certification" <comserv@groupstudy.com>
Sent: 3/19/07 5:29 PM
Subject: Re: mpls ldp authentication question !!

Dear senior consultatant,

You are blocking (IGP) adjacency with other one to prevent LDP session from
forming? nice solution.

So is LDP authentication a valid solution or not?

On 3/19/07, Robert McCallum <RMcCallum@thrupoint.net> wrote:
>
> Really? Are you sure? Think about it!! Come on think about this how can
> you stop a router forming an ADJACENCY with the other one? Who cares
> about
> LDP - stop it before ldp even has a chance to get in there.
>
> OR use the new command - bearing in mind I sat my lab over a year ago ;-)
> Robert McCallum
> Senior Consultant
> Mobile : +44(0)7818002241
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Jian Gu
> > Sent: 19 March 2007 19:47
> > To: Robert McCallum
> > Cc: Dishan Gamage; Cisco certification; Cisco certification
> > Subject: Re: mpls ldp authentication question !!
> >
> > How does IGP global command have anything to do with LDP authentication?
> > you
> > must be mistaken.
> >
> > On 3/19/07, Robert McCallum <RMcCallum@thrupoint.net> wrote:
> > >
> > > Hmm I thought I had replied to this. Oh well - Clue : Check your IGP
> > > Global
> > > commands.
> > >
> > > Robert McCallum
> > > Senior Consultant
> > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of
> > > > Dishan Gamage
> > > > Sent: 19 March 2007 11:44
> > > > To: Cisco certification; Cisco certification
> > > > Subject: mpls ldp authentication question !!
> > > >
> > > > Hi Group
> > > >
> > > >
> > > >
> > > > I have PE1 & PE2 configured to use md5 for LDP, working fine...
> > > >
> > > > PE1
> > > >
> > > > mpls ldp neighbor 172.16.12.2 password abcdef
> > > >
> > > >
> > > > PE2
> > > >
> > > > mpls ldp neighbor 172.16.12.1 password abcdef
> > > >
> > > >
> > > > the question says to block a new PE (eg PE3), from joining into the
> > mpls
> > > > domain without using an ACL
> > > >
> > > > I see that when PE3 boots up it also establish ldp neighbor
> > > > relationships..................
> > > >
> > > > can someone explain how this can be done ??
> > > >
> > > > tks in advance
> > > > dishan
> > > >
> > > >
> _____________________________________________________________________
> > > > Subscription information:
> http://www.groupstudy.com/list/comserv.html
> > >
> > >
> > >
> > > Note:The information contained in this message may be privileged and
> > > confidential and protected from disclosure . If the reader of this
> > message
> > > is not the
> > > intended recipient, or an employee or agent responsible for delivering
> > > this message to the intended recipient, you are hereby notified that
> any
> > > dissemination, distribution or copying of this communication is
> strictly
> > > prohibited. If you have received this communication in error, please
> > notify
> > > us
> > > immediately by replying to the message and deleting it from your
> > computer.
> > > Thankyou. ThruPoint Ltd.
> > >
> > >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> > _____________________________________________________________________
> > Subscription information: http://www.groupstudy.com/list/comserv.html
>
>
>
> Note:The information contained in this message may be privileged and
> confidential and protected from disclosure . If the reader of this message
> is not the
> intended recipient, or an employee or agent responsible for delivering
> this message to the intended recipient, you are hereby notified that any
> dissemination, distribution or copying of this communication is strictly
> prohibited. If you have received this communication in error, please notify
> us
> immediately by replying to the message and deleting it from your computer

• Next message: Sergey Golovanov: "RE: OT: CCIE Salary - For people taking H1-B's - Listen"
• Previous message: Martin Kiefer: "RE: IEWB-RS Version 4 - Switch"
• Maybe in reply to: Dishan Gamage: "mpls ldp authentication question !!"
• Next in thread: hoon lee: "Re: mpls ldp authentication question !!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Apr 01 2007 - 06:35:51 ART