TDP doesn't support any authentication (like MD5 in LDP).
It's true that 'mpls ldp neighbor' covers both LDP and TDP settings,
only the password setting would be ignored.
It's not possible to secure your TDP neighbor session, so if a task
asks you to configure an authenticated label distribution protocol you
are certain of using LDP.
--
Regards,
Rick Mur
CCIE2 #21946 (R&S / Service Provider)
Juniper JNCIA-ER & JNCIA-EX
MCSA:Messaging, MCSE
Sr. Support Engineer � IPexpert, Inc.
URL: http://www.IPexpert.com
On 12 aug 2009, at 15:53, Shaughn Smith wrote:
> R5 has defaulted to TDP due to you not specifying LDP from what I
> can see.
>
> You can use Mpls ldp neighbor xxxx password to authenticate your LDP/
> TDP
> sessions
>
> From: Splinter [mailto:splinter330_at_gmail.com]
> Sent: Wednesday, August 12, 2009 3:44 PM
> To: srinivas pv
> Cc: Shaughn Smith; Cisco certification
> Subject: Re: LDP/TDP
>
> here it is...
>
> R5:
>
> R5#sh tag-switching tdp neighbor
> Peer TDP Ident: 172.10.59.9:0<http://172.10.59.9:0>; Local TDP Ident
> 172.10.0.5:0<http://172.10.0.5:0>
> TCP connection: 172.10.59.9.16722 - 172.10.0.5.711
> State: Oper; PIEs sent/rcvd: 6/6; ; Downstream
> Up time: 00:02:28
> TDP discovery sources:
> FastEthernet0/1.59, Src IP addr: 172.10.59.9
> Addresses bound to peer TDP Ident:
> 172.10.59.9
>
> R5#sh tag-switching tdp discovery
> Local TDP Identifier:
> 172.10.0.5:0<http://172.10.0.5:0>
> TDP Discovery Sources:
> Interfaces:
> FastEthernet0/1.59: xmit/recv
> TDP Id: 172.10.59.9:0<http://172.10.59.9:0>
>
> R5#sh run int fa0/1.59
> Building configuration...
>
> Current configuration : 196 bytes
> !
> interface FastEthernet0/1.59
> encapsulation dot1Q 59
> ip address 172.10.59.5 255.255.255.0
> tag-switching ip
> end
>
> R5#
>
> R9:
>
> R9#sh mpls ldp neighbor vrf ABC
> Peer TDP Ident: 172.10.0.5:0<http://172.10.0.5:0>; Local TDP Ident
> 172.10.59.9:0<http://172.10.59.9:0>
> TCP connection: 172.10.0.5.711 - 172.10.59.9.16722
> State: Oper; PIEs sent/rcvd: 0/6; Downstream
> Up time: 00:02:04
> TDP discovery sources:
> FastEthernet0/0.59, Src IP addr: 172.10.59.5
> Addresses bound to peer TDP Ident:
> 172.10.59.5 172.10.0.5
>
> R9#sh mpls ldp discovery
> Local LDP Identifier:
> 10.10.0.9:0<http://10.10.0.9:0>
> Discovery Sources:
> Interfaces:
> FastEthernet0/0.69 (ldp): xmit/recv
> LDP Id: 10.10.0.6:0<http://10.10.0.6:0>
> R9#
>
> R9#
> R9#sh run int fa0/0.59
> Building configuration...
>
> Current configuration : 235 bytes
> !
> interface FastEthernet0/0.59
> encapsulation dot1Q 59
> ip vrf forwarding ABC
> ip address 172.10.59.9 255.255.255.0
> mpls label protocol tdp
> mpls ip
> end
>
> R9#
>
> On Wed, Aug 12, 2009 at 3:07 PM, srinivas pv
> <vsrinivas.paturi_at_gmail.com<mailto:vsrinivas.paturi_at_gmail.com>> wrote:
> I am also thinking, how ldp/tdp up between ldp and tdp routers?
> could you give show mpls ldp neighbor outputs on both routers?
>
> Thanks,
> Srinivas
>
> On Wed, Aug 12, 2009 at 6:34 PM, Shaughn Smith
> <Shaughn.Smith_at_mtnbusiness.co.za<mailto:Shaughn.Smith_at_mtnbusiness.co.za
> >>
> wrote:
>
> If you have LDP on the PE router, and have specified TDP on the CE
> then I
> don't think the MPLS LDP/TDP relationship is up.
>
> They both need to be the same, or you can run mpls label protocol
> both.
>
> But if the relationship is up then the command mpls ldp neighbor
> xxxx password
> will work
>
>
>
> From: Splinter [mailto:splinter330_at_gmail.com<mailto:splinter330_at_gmail.com
> >]
> Sent: Wednesday, August 12, 2009 3:03 PM
> To: Shaughn Smith
> Cc: srinivas pv; Cisco certification
> Subject: Re: LDP/TDP
>
>
>
> Sorry I did not give enough info...
>
> 7200 PE router is running LDP and on the interface connected to the
> CE 2600
> TDP router i have
> "mpls label protocol tdp"
>
> my mpls LDP/TDP neighbor is up now i need to runn authentication
> between these
> 2 routers. can thise be done? or do i now need to reconfigure my PE
> router to
> run TDP.
>
> Splinter
>
> On Wed, Aug 12, 2009 at 2:52 PM, Shaughn Smith
> <Shaughn.Smith_at_mtnbusiness.co.za<mailto:Shaughn.Smith_at_mtnbusiness.co.za
> >>
> wrote:
>
> Mpls LDP neighbor covers both LDP/TDP
>
>
>
> From: srinivas pv
> [mailto:vsrinivas.paturi_at_gmail.com<mailto:vsrinivas.paturi_at_gmail.com>]
> Sent: Wednesday, August 12, 2009 2:49 PM
> To: Shaughn Smith
> Cc: Splinter; Cisco certification
> Subject: Re: LDP/TDP
>
>
>
> Hi Shaughn,
>
> In that case, TDP runs on both.
> Then I don't think 'mpls ldp nei x.x.x.x password' is applicable to
> TDP? It is
> only for LDP. Isn't it?
>
> I guess if want to go for authentication, you need to use LDP.
>
> Thanks,
> Srinivas
>
> On Wed, Aug 12, 2009 at 5:51 PM, Shaughn Smith
> <Shaughn.Smith_at_mtnbusiness.co.za<mailto:Shaughn.Smith_at_mtnbusiness.co.za
> >>
> wrote:
>
> Ah, sorry. Didn't read the e-mail correctly
>
> If you are trying to run TDP and LDP it wont work unless you have
> the keyword
> "both" enabled on the interfaces.
>
> If you have done that then my previous e-mail is correct, you can
> run mpls ldp
> neighbor xxxx password
>
> -----Original Message-----
> From: nobody_at_groupstudy.com<mailto:nobody_at_groupstudy.com>
> [mailto:nobody_at_groupstudy.com<mailto:nobody_at_groupstudy.com>] On
> Behalf Of
> srinivas pv
> Sent: Wednesday, August 12, 2009 2:14 PM
> To: Splinter
> Cc: Cisco certification
> Subject: Re: LDP/TDP
>
> Hi,
>
> I think, you need to use same label distribution protocol between
> neighbors.
> Isn't it?
> I am not sure, how you can run TDP and LDP between neighbors.
>
> You may configure 'mpls label protocol both', but it just supports
> both
> protocols.
>
> But you can not run LDP and TDP between neighbors.
>
> Thanks,
> Srinivas
>
> On Wed, Aug 12, 2009 at 5:24 PM, Splinter
> <splinter330_at_gmail.com<mailto:splinter330_at_gmail.com>> wrote:
>
>> Hi,
>>
>> i am using a 2600 for my CE router and it is running TDP connected
>> to my PE
>> LDP router and
>> I would like to do LDP/TDP authentication between these routers.
>>
>> I am not finding anything related to TDP security or LDP to TDP
>> authentication.
>>
>> Please can you help
>>
>>
>> Regards
>>
>> Splinter
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
> NOTE: This e-mail message and all attachments thereto contain
> confidential
> information intended for a specific addressee and purpose. If you
> are not the
> addressee (a) you may not disclose, copy, distribute or take any
> action based
> on the contents hereof; (b) kindly inform the sender immediately and
> destroy
> all copies hereof. Any copying, publication or disclosure of this
> message, or
> part hereof, in any form whatsoever, without the sender's express
> written
> consent, is prohibited. No opinion expressed or implied by the sender
> necessarily constitutes the opinion of MTN. This message does not
> constitute a
> guarantee or proof of the facts mentioned herein. No Employee or
> intermediary
> is authorised to conclude a binding agreement on behalf of MTN Group
> Limited,
> or any of its subsidiary companies, by e-mail without the express
> written
> confirmation by a duly authorised representative of MTN Group Limited.
>
>
>
>
>
> ________________________________
>
> NOTE: This e-mail message and all attachments thereto contain
> confidential
> information intended for a specific addressee and purpose. If you
> are not the
> addressee (a) you may not disclose, copy, distribute or take any
> action based
> on the contents hereof; (b) kindly inform the sender immediately and
> destroy
> all copies hereof. Any copying, publication or disclosure of this
> message, or
> part hereof, in any form whatsoever, without the sender's express
> written
> consent, is prohibited. No opinion expressed or implied by the sender
> necessarily constitutes the opinion of MTN. This message does not
> constitute a
> guarantee or proof of the facts mentioned herein. No Employee or
> intermediary
> is authorised to conclude a binding agreement on behalf of MTN Group
> Limited,
> or any of its subsidiary companies, by e-mail without the express
> written
> confirmation by a duly authorised representative of MTN Group Limited.
>
>
>
> ________________________________
> NOTE: This e-mail message and all attachments thereto contain
> confidential
> information intended for a specific addressee and purpose. If you
> are not the
> addressee (a) you may not disclose, copy, distribute or take any
> action based
> on the contents hereof; (b) kindly inform the sender immediately and
> destroy
> all copies hereof. Any copying, publication or disclosure of this
> message, or
> part hereof, in any form whatsoever, without the sender's express
> written
> consent, is prohibited. No opinion expressed or implied by the sender
> necessarily constitutes the opinion of MTN. This message does not
> constitute a
> guarantee or proof of the facts mentioned herein. No Employee or
> intermediary
> is authorised to conclude a binding agreement on behalf of MTN Group
> Limited,
> or any of its subsidiary companies, by e-mail without the express
> written
> confirmation by a duly authorised representative of MTN Group Limited.
>
>
>
> ________________________________
> NOTE: This e-mail message and all attachments thereto contain
> confidential
> information intended for a specific addressee and purpose. If you
> are not the
> addressee (a) you may not disclose, copy, distribute or take any
> action based
> on the contents hereof; (b) kindly inform the sender immediately and
> destroy
> all copies hereof. Any copying, publication or disclosure of this
> message, or
> part hereof, in any form whatsoever, without the sender's express
> written
> consent, is prohibited. No opinion expressed or implied by the sender
> necessarily constitutes the opinion of MTN. This message does not
> constitute a
> guarantee or proof of the facts mentioned herein. No Employee or
> intermediary
> is authorised to conclude a binding agreement on behalf of MTN Group
> Limited,
> or any of its subsidiary companies, by e-mail without the express
> written
> confirmation by a duly authorised representative of MTN Group Limited.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Sat Aug 15 2009 - 15:59:45 ART