access-list-number
|
access-list-name
]
Note It is important that you enter this command to see how the access list is defined; otherwise, you cannot verify
inbound label binding filtering.
The following command output shows the contents of IP access list 1:
Example:
Router# show ip access 1
Standard IP access list 1
permit 10.0.0.0, wildcard bits 0.0.0.255 (1 match)
Step 3 Enter the show mpls ldp bindingscommand to verify that the LSR has remote bindings only from a specified peer for
prefixes permitted by the access list.
Example:
Router# show mpls ldp bindings
tib entry: 10.0.0.0/8, rev 4
local binding: tag: imp-null
tib entry: 10.2.0.0/16, rev 1137
local binding: tag: 16
tib entry: 10.2.0.0/16, rev 1139
local binding: tag: 17
tib entry: 10.12.12.12/32, rev 1257
local binding: tag: 18
tib entry: 10.13.13.13/32, rev 14
local binding: tag: imp-null
tib entry: 10.10.0.0/16, rev 711
local binding: tag: imp-null
tib entry: 10.0.0.0/8, rev 1135
local binding: tag: imp-null
remote binding: tsr: 12.12.12.12:0, tag: imp-null
tib entry: 10.0.0.0/8, rev 8
local binding: tag: imp-null
Router#
In the following example, the mpls ldp neighbor labels accept command is configured with an access
control list to filter label bindings received on sessions with the neighbor 10.110.0.10.
Label bindings for prefixes that match 10.b.c.d are accepted, where b is less than or equal to 63, and c and d
can be any integer between 0 and 128. Other label bindings received from 10.110.0.10 are rejected.
Router# configure terminal
Router(config)# access-list 1 permit 10.63.0.0 0.63.255.255
Router(config)# mpls ldp neighbor 10.110.0.10 labels accept 1
Router(config)# end
MPLS LDP Inbound Label Binding Filtering
Configuration Examples for MPLS LDP Inbound Label Binding Filtering
MPLS LDP Configuration Guide, Cisco IOS Release 12.4
45