Master CCNA

How to Master CCNA Ebook

 

 

My book will help you Master CCNA

Master CCNP SWITCH

How to master CCNP SWITCH ebook

 

 

My book will help you Master CCNP SWITCH

Master CCNP ROUTE

How to master CCNP ROUTE Ebook

 

 

My book will help you Master CCNP ROUTE

Print

MPLS Label Filtering

Written by Rene Molenaar on . Posted in MPLS

Scenario:

Your MPLS Backbone works like a charm but your security officer still has some issues. He doesn't like that some of the prefixes are advertised with a label and it's up to you to fix it....bring on the sticker remover!

Goal:

  • All IP addresses on the customer routers have been preconfigured for you.
  • OSPF has been configured on all routers and all networks are advertised.
  • Configure MPLS on all routers, ensure all prefixes are advertised with a label.
  • The prefixes on the loopback interfaces should NOT be advertised with a label.

IOS:

c3640-jk9s-mz.124-16.bin

Topology:

MPLS LDP Filtering

Video Solution:

You need to a flashplayer enabled browser to view this YouTube video

You need to register to download the GNS3 Topology File. (Registration is Free!)

Related Articles
Only registered users can write comments!

Comments (6)

  • avatar
    sdfggsf
    2010-12-22 23:00:04

    hmmm how to config mpls on these routers? are they p, pe or ce routers? adn which command to ensure that the prefixes are advertised with label? show mpl ip binging detail ?

  • avatar
    ReneMolenaar
    2010-12-22 23:42:18

    Only on P or PE routers you would enable MPLS, and the command to do this is the same. The CE routers never run MPLS since this on the 'customer' side.

    show mpls ldp bindings will show you the prefix to label binding. By default all prefixes will have a label.

    Good luck!

    Rene

  • avatar
    sdfggsf
    2010-12-23 00:15:36

    so basically i enabled mpls ip on all interfaces connected to the routers, and also enabled mpls ip in global config mode.

    after that when i show mpls ldp binding it doesnt show me labels. it just shows something like

    show mpls ldp bindings
    tib entry: 2.2.2.0/24, rev 4
    local binding: tag: imp-null
    tib entry: 192.168.12.0/24, rev 2
    local binding: tag: imp-null
    tib entry: 192.168.23.0/24, rev 6
    local binding: tag: imp-null


    also i enabled mpls ldp advertise-labels command in global config mode. Ill put the access list later but first i need to see labels :'(

  • avatar
    bdk907
    2011-03-05 05:02:56

    sdfggsf, you are seeing what Mordin has for labels. When you see 'imp-null', you are seeing label #3.

    The problem looks to be that Mordin doesn't have LDP adjacencies with Shepard and Garrus.

    Type 'show mpls ldp neighbor' to see who your adjacent neighbors are.

    Also 'show mpls interface' will show you which interfaces have LDP enabled and which interfaces are enabled (no shut) themsevles.

    -bdk

  • avatar
    Dardoufa
    2012-04-01 16:05:46

    Hello!

    Wouldn't the same thing be achieved if on routers Garrus and Shepard we created an access-list that only permitted the fasternetIP that was advertised by Mordin and then issued the command: mpls ldp neighbor Mordin-loopabck labels accept access-list?

    For example on Shepard:

    mpls ldp neighbor 2.2.2.2 labels accept 1
    access-list 1 permit 192.168.23.0 0.0.0.255

  • avatar
    ReneMolenaar
    2012-04-02 10:16:58

    Hi Dardoufa,

    I'm not 100% sure but the command I used in this lab is to make sure some labels are not advertised. The command you mention is to make sure some labels are not accepted.

    The end result will be the same but the difference is in the "sending" or "receiving" of labels.

    Rene