0
点赞
收藏
分享

微信扫一扫

华为设备配置LDP安全认证

华为设备配置LDP安全认证_网络

1. 配置IP地址

[PE1-GigabitEthernet0/0/0]ip add 10.1.1.1 24

[PE1-LoopBack0]ip add 1.1.1.1 32

[P-GigabitEthernet0/0/0]ip add 10.1.1.2 24

[P-GigabitEthernet0/0/1]ip add 10.1.2.2 24

[P-LoopBack0]ip add 2.2.2.2 32

[PE2-GigabitEthernet0/0/0]ip add 10.1.2.3 24

[PE2-LoopBack0]ip add 3.3.3.3 32

2. 配置OSPF协议发布各节点接口所连网段和LSR ID的主机路由

[PE1]ospf 1

[PE1-ospf-1]area 0

[PE1-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0

[P]ospf 1

[P-ospf-1]area 0

[P-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0]network 10.1.2.0 0.0.0.255

[P-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0

[PE2]ospf 1

[PE2-ospf-1]area 0

[PE2-ospf-1-area-0.0.0.0]network 10.1.2.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0

3. 配置LDP本地会话

[PE1]mpls lsr-id 1.1.1.1

[PE1]mpls

[PE1]mpls ldp  

[PE1-GigabitEthernet0/0/0]mpls  

[PE1-GigabitEthernet0/0/0]mpls ldp

[P]mpls lsr-id 2.2.2.2

[P]mpls                

[P]mpls ldp  

[P-GigabitEthernet0/0/0]mpls      

[P-GigabitEthernet0/0/0]mpls ldp  

[P-GigabitEthernet0/0/1]mpls      

[P-GigabitEthernet0/0/1]mpls ldp

[PE2]mpls lsr-id 3.3.3.3

[PE2]mpls

[PE2]mpls ldp  

[PE2-GigabitEthernet0/0/0]mpls  

[PE2-GigabitEthernet0/0/0]mpls ldp

4. 配置PE_1与P之间TCP应用程序的Keychain

[PE1]keychain k1 mode periodic weekly  

[PE1-keychain]tcp-kind 180

[PE1-keychain]tcp-algorithm-id md5 8

[PE1-keychain]receive-tolerance 15

[PE1-keychain]key-id 1

[PE1-keychain-keyid-1]algorithm md5  

[PE1-keychain-keyid-1]key-string cipher abc@123

[PE1-keychain-keyid-1]send-time day mon to thu  

[PE1-keychain-keyid-1]receive-time day mon to thu  

[PE1-keychain]key-id 2

[PE1-keychain-keyid-2]algorithm md5  

[PE1-keychain-keyid-2]key-string cipher abc@123

[PE1-keychain-keyid-2]send-time day fri to sun  

[PE1-keychain-keyid-2]receive-time day fri to sun

[P]keychain k1 mode periodic weekly  

[P-keychain]tcp-kind 180

[P-keychain]tcp-algorithm-id md5 8

[P-keychain]receive-tolerance 15

[P-keychain]key-id 1

[P-keychain-keyid-1]algorithm md5  

[P-keychain-keyid-1]key-string cipher abc@123

[P-keychain-keyid-1]send-time day mon to thu  

[P-keychain-keyid-1]receive-time day mon to thu

[P-keychain]key-id 2

[P-keychain-keyid-2]algorithm md5  

[P-keychain-keyid-2]key-string cipher abc@123

[P-keychain-keyid-2]send-time day fri to sun  

[P-keychain-keyid-2]receive-time day fri to sun

5. 配置PE_1与P的LDP Keychain认证

[PE1]mpls ldp  

[PE1-mpls-ldp]authentication key-chain peer 2.2.2.2 name k1

[P]mpls ldp  

[P-mpls-ldp]authentication key-chain peer 1.1.1.1 name k1

6. 配置PE_2与P之间TCP应用程序的Keychain

[PE2]keychain k1 mode periodic weekly  

[PE2-keychain]tcp-kind 180

[PE2-keychain]tcp-algorithm-id md5 8

[PE2-keychain]receive-tolerance 15

[PE2-keychain]key-id 1

[PE2-keychain-keyid-1]algorithm md5  

[PE2-keychain-keyid-1]key-string cipher abc@123

[PE2-keychain-keyid-1]send-time day mon to thu  

[PE2-keychain-keyid-1]receive-time day mon to thu  

[PE2-keychain]key-id 2

[PE2-keychain-keyid-2]algorithm md5  

[PE2-keychain-keyid-2]key-string cipher abc@123

[PE2-keychain-keyid-2]send-time day fri to sun

[PE2-keychain-keyid-2]receive-time day fri to sun

[P]keychain k2 mode periodic weekly  

[P-keychain]tcp-kind 180

[P-keychain]tcp-algorithm-id md5 8

[P-keychain]receive-tolerance 15

[P-keychain]key-id 1

[P-keychain-keyid-1]algorithm md5  

[P-keychain-keyid-1]key-string cipher abc@123

[P-keychain-keyid-1]send-time day mon to thu  

[P-keychain-keyid-1]receive-time day mon to thu  

[P-keychain]key-id 2

[P-keychain-keyid-2]algorithm md5  

[P-keychain-keyid-2]key-string cipher abc@123

[P-keychain-keyid-2]se

[P-keychain-keyid-2]send-time day fri to sun  

[P-keychain-keyid-2]receive-time day fri to sun

7. 配置PE_2与P的LDP Keychain认证

[PE2]mpls ldp

[PE2-mpls-ldp]authentication key-chain peer 2.2.2.2 name k1

[P]mpls ldp  

[P-mpls-ldp]authentication key-chain peer 3.3.3.3 name k2

8. 检查配置

华为设备配置LDP安全认证_华为_02

举报

相关推荐

0 条评论