华为设备配置LDP安全认证（华为认证服务）

华为设备配置LDP安全认证（华为认证服务）

1. 配置IP地址

[PE1-GigabitEthernet0/0/0]ip add 10.1.1.1 24

[PE1-LoopBack0]ip add 1.1.1.1 32

[P-GigabitEthernet0/0/0]ip add 10.1.1.2 24

[P-GigabitEthernet0/0/1]ip add 10.1.2.2 24

[P-LoopBack0]ip add 2.2.2.2 32

[PE2-GigabitEthernet0/0/0]ip add 10.1.2.3 24

[PE2-LoopBack0]ip add 3.3.3.3 32

2. 配置OSPF协议发布各节点接口所连网段和LSR ID的主机路由

[PE1]ospf 1

[PE1-ospf-1]area 0

[PE1-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0

[P]ospf 1

[P-ospf-1]area 0

[P-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0]network 10.1.2.0 0.0.0.255

[P-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0

[PE2]ospf 1

[PE2-ospf-1]area 0

[PE2-ospf-1-area-0.0.0.0]network 10.1.2.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0

3. 配置LDP本地会话

[PE1]mpls lsr-id 1.1.1.1

[PE1]mpls

[PE1]mpls ldp

[PE1-GigabitEthernet0/0/0]mpls

[PE1-GigabitEthernet0/0/0]mpls ldp

[P]mpls lsr-id 2.2.2.2

[P]mpls

[P]mpls ldp

[P-GigabitEthernet0/0/0]mpls

[P-GigabitEthernet0/0/0]mpls ldp

[P-GigabitEthernet0/0/1]mpls

[P-GigabitEthernet0/0/1]mpls ldp

[PE2]mpls lsr-id 3.3.3.3

[PE2]mpls

[PE2]mpls ldp

[PE2-GigabitEthernet0/0/0]mpls

[PE2-GigabitEthernet0/0/0]mpls ldp

4. 配置PE_1与P之间TCP应用程序的Keychain

[PE1]keychain k1 mode periodic weekly

[PE1-keychain]tcp-kind 180

[PE1-keychain]tcp-algorithm-id md5 8

[PE1-keychain]receive-tolerance 15

[PE1-keychain]key-id 1

[PE1-keychain-keyid-1]algorithm md5

[PE1-keychain-keyid-1]key-string cipher abc@123

[PE1-keychain-keyid-1]send-time day mon to thu

[PE1-keychain-keyid-1]receive-time day mon to thu

[PE1-keychain]key-id 2

[PE1-keychain-keyid-2]algorithm md5

[PE1-keychain-keyid-2]key-string cipher abc@123

[PE1-keychain-keyid-2]send-time day fri to sun

[PE1-keychain-keyid-2]receive-time day fri to sun

[P]keychain k1 mode periodic weekly

[P-keychain]tcp-kind 180

[P-keychain]tcp-algorithm-id md5 8

[P-keychain]receive-tolerance 15

[P-keychain]key-id 1

[P-keychain-keyid-1]algorithm md5

[P-keychain-keyid-1]key-string cipher abc@123

[P-keychain-keyid-1]send-time day mon to thu

[P-keychain-keyid-1]receive-time day mon to thu

[P-keychain]key-id 2

[P-keychain-keyid-2]algorithm md5

[P-keychain-keyid-2]key-string cipher abc@123

[P-keychain-keyid-2]send-time day fri to sun

[P-keychain-keyid-2]receive-time day fri to sun

5. 配置PE_1与P的LDP Keychain认证

[PE1]mpls ldp

[PE1-mpls-ldp]authentication key-chain peer 2.2.2.2 name k1

[P]mpls ldp

[P-mpls-ldp]authentication key-chain peer 1.1.1.1 name k1

6. 配置PE_2与P之间TCP应用程序的Keychain

[PE2]keychain k1 mode periodic weekly

[PE2-keychain]tcp-kind 180

[PE2-keychain]tcp-algorithm-id md5 8

[PE2-keychain]receive-tolerance 15

[PE2-keychain]key-id 1

[PE2-keychain-keyid-1]algorithm md5

[PE2-keychain-keyid-1]key-string cipher abc@123

[PE2-keychain-keyid-1]send-time day mon to thu

[PE2-keychain-keyid-1]receive-time day mon to thu

[PE2-keychain]key-id 2

[PE2-keychain-keyid-2]algorithm md5

[PE2-keychain-keyid-2]key-string cipher abc@123

[PE2-keychain-keyid-2]send-time day fri to sun

[PE2-keychain-keyid-2]receive-time day fri to sun

[P]keychain k2 mode periodic weekly

[P-keychain]tcp-kind 180

[P-keychain]tcp-algorithm-id md5 8

[P-keychain]receive-tolerance 15

[P-keychain]key-id 1

[P-keychain-keyid-1]algorithm md5

[P-keychain-keyid-1]key-string cipher abc@123

[P-keychain-keyid-1]send-time day mon to thu

[P-keychain-keyid-1]receive-time day mon to thu

[P-keychain]key-id 2

[P-keychain-keyid-2]algorithm md5

[P-keychain-keyid-2]key-string cipher abc@123

[P-keychain-keyid-2]se

[P-keychain-keyid-2]send-time day fri to sun

[P-keychain-keyid-2]receive-time day fri to sun

7. 配置PE_2与P的LDP Keychain认证

[PE2]mpls ldp

[PE2-mpls-ldp]authentication key-chain peer 2.2.2.2 name k1

[P]mpls ldp

[P-mpls-ldp]authentication key-chain peer 3.3.3.3 name k2

8. 检查配置

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。