14.2 mpls ldp passwrod requied.

hi.

i am using 3700 Software (C3725-ADVIPSERVICESK9-M), Version 12.4(15)T6, this software is not giving me 

mpls ldp password required

any idea why? i have checked 12.4T documents, and master command reference and this is present there.

UPDATE:: 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T11

also has same issue.

 

Best Regards,

 

Nadeem Rafi

 

Comments

  • it's because the command is not available on that build.  Use the feature navigator on CCO to find out if the features you need are on a particluar version of code.   If you were thinking there was some sort of activation command to get the LDP password command the answe ris "no"

  • Thanks for great help... I have searched in Feature Navigator and it was quite shock to me that this feature "MPLS - LDP Global MD5 Configuration" in 12.4 T is only available on 7200 series. I dont know then why this exercise is being given in 14.2. As per BP IOS used is 12.4T and routers are 37xx or 38xx.

     

    Thanks again for a very useful tip.. 

     

    Best Regards,

     

    Nadeem Rafi

  • great point, and I think the answer is: INE devleoped the LABS with some speculatory thinking.  AToM for instance is also on the 14.X workbook (VOl 1 for MPLS) but I don't think it will be on the exam.  Maybe this is another example of a feature that they threw on there as speculation.   I guess every section (especially new sections) is goign to have a questions or two on the edge of the blueprint since the whole excercise is about INE trying to make assumptions about what is incldued and what ti s not from the very vague BLuePrint.

     

    That being said, you have to make some decisions when going through their material on how much you spend on aany particular corner case. My goal on any Volume 1 section is to be able to do 80-90% of the basic configuration without usong the CCO DOcs and them maybe look up one of the more esoteric features.

  • Thanks again for your well supporting replies...

    Just want to add that, in this task verification about password using 

    sh mpls ldp neighbor password

    will not work also.

    Any body knows any alternative to above command?

  • I also like to use the wrong password, to see what happens. 

     

    Also: If you do the command "mpls ldp password required" before adding the password, then you will get messages saying tha tthe neighbor is not providing the authentication.

    I think "sho mpls ldp neighbor" will also give you a lot of info including tha there is authnetication going on. It is also VERY insightful for befor ean after you configure the interface transport for R4 and R6. 

     

     

    My advice: get R4 and R6 up and running like normal (using the loopback for transferring MPLS messages through a TCP Session).  issue the cmd "sho mpls ldp neighbor" and not the use of loopback for identifying the neighbor and fo rth eTCP connection.

     

    OKAY, now change the transport address for MPLS to use the physical interface for the LDP session one at a time.  Do it on R4 and them go to r6 and issue cmd "sho mpls ldp neighbor" , you will see the change to the TCP connection but the niehgbor is still identified with the Loopback.  Ibleieve the session will be valid at this point with R4 interface address creating a TCP session to the loopback of R6.  Now sort out R6's interface to be configured as transport for LDP session to R4.  Issue wht command again: "sho mpls ldp neighbor"on bothe R4 and R6.  See how things are working? 

    Next level of knowledge:

    I was wodering if at this point the loopback address is just an identifier and if it was a /16 address if it would even matter now, or even if I created and ACL that did not allow anything to send data to that IF if the session would still stay up.  I think it will.

    take care.

  • I also like to use the wrong password, to see what happens. 

    IN the absence of password on one side output will be 

     

    Mar  1 06:11:41.710: %TCP-6-BADAUTH: No MD5 digest from 150.1.4.4(646) to 150.1.5.5(42883)

    *Mar  1 06:11:41.710: %TCP-6-BADAUTH: No MD5 digest from 150.1.4.4(646) to 150.1.5.5(42883)

    adjacency will go down and neighbor connection will be torn down. Which essentially means there will be no output for sh mpls ldp neigh :)

     

    in case the password is wrong then 

    *Mar  1 06:16:07.490: %TCP-6-BADAUTH: Invalid MD5 digest from 150.1.5.5(50579) to 150.1.4.4(646)

    and this output will be only given on server side (port 646) and there will be no output or error report on the second end. quite interesting.

     

    Also: If you do the command "mpls ldp password required" before adding the password, then you will get messages saying tha tthe neighbor is not providing the authentication.

    I think "sho mpls ldp neighbor" will also give you a lot of info including tha there is authnetication going on. It is also VERY insightful for befor ean after you configure the interface transport for R4 and R6. 

    that was the reason i asked that is there any alternative to sh mpls ldp neig password command as sh mpls ldp neigh dont give any thought to password being used..

     

     

    Rack1R4#sh mpls ldp neighbor

        Peer LDP Ident: 150.1.6.6:0; Local LDP Ident 150.1.4.4:0

            TCP connection: 155.1.146.6.38548 - 155.1.146.4.646

            State: Oper; Msgs sent/rcvd: 91/93; Downstream

            Up time: 01:09:52

            LDP discovery sources:

              FastEthernet0/1, Src IP addr: 155.1.146.6

            Addresses bound to peer LDP Ident:

              155.1.146.6     54.1.1.6        150.1.6.6

        Peer LDP Ident: 150.1.5.5:0; Local LDP Ident 150.1.4.4:0

            TCP connection: 150.1.5.5.58407 - 150.1.4.4.646

            State: Oper; Msgs sent/rcvd: 13/13; Downstream

            Up time: 00:00:06

            LDP discovery sources:

              Serial0/0.1, Src IP addr: 155.1.0.5

              Serial0/1, Src IP addr: 155.1.45.5

            Addresses bound to peer LDP Ident:

              155.1.58.5      155.1.0.5       155.1.5.5       155.1.45.5

              150.1.5.5

    I cannot find any password related command to see whats going on... As i mentioned in previous post in 12.4 T line only 7200 series support "mpls ldp password required" command, but normal "mpls ldp neigh xxx.xxx.xx.xx password" command is available to other models. I am using 3725. :(


    any way to check password related info other than 72xx?



    My advice: get R4 and R6 up and running like normal (using the loopback for transferring MPLS messages through a TCP Session).  issue the cmd "sho mpls ldp neighbor" and not the use of loopback for identifying the neighbor and fo rth eTCP connection.

     

    OKAY, now change the transport address for MPLS to use the physical interface for the LDP session one at a time.  Do it on R4 and them go to r6 and issue cmd "sho mpls ldp neighbor" , you will see the change to the TCP connection but the niehgbor is still identified with the Loopback.  Ibleieve the session will be valid at this point with R4 interface address creating a TCP session to the loopback of R6.  Now sort out R6's interface to be configured as transport for LDP session to R4.  Issue wht command again: "sho mpls ldp neighbor"on bothe R4 and R6.  See how things are working? 

    Next level of knowledge:

    I was wodering if at this point the loopback address is just an identifier and if it was a /16 address if it would even matter now, or even if I created and ACL that did not allow anything to send data to that IF if the session would still stay up.  I think it will.

    take care.


    quite valued input.... just have done it on lab :)

     

    One Question: what makes a device to behave like a server (port 646)?

     

    Thanks again for your valued time.

     

     

    Best Regards,

     

    Nadceem Rafi

     

  • Thanks for posting this.  It saved me some time and I am sure others will appreciate this.

Sign In or Register to comment.