authentication key
Use authentication key to enable RSVP authentication globally or for an RSVP neighbor, and configure the authentication key.
Use undo authentication key to disable RSVP authentication.
Syntax
authentication key { cipher | plain } string
undo authentication key
Default
RSVP authentication is disabled.
Views
RSVP view
RSVP neighbor view
Predefined user roles
network-admin
Parameters
cipher: Specifies an authentication key in encrypted form.
plain: Specifies an authentication key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.
string: Specifies the authentication key. Its plaintext form is a case-sensitive string of 1 to 16 characters. Its encrypted form is a case-sensitive string of 1 to 53 characters.
Usage guidelines
RSVP authentication ensures integrity of RSVP messages, and prevents false resource reservation requests from occupying network resources.
With RSVP authentication, the sender uses the MD5 algorithm and the authentication key to calculate a message digest for an RSVP message. The sender inserts the message digest to the RSVP message. When the receiver receives the message, it performs the same calculation and compares the result with the message digest received. If the two digests match, the receiver accepts the message. If the two digests do not match, it drops the message.
RSVP authentication can be configured in the following views:
RSVP view—Configuration applies to all RSVP security associations.
RSVP neighbor view—Configuration applies only to RSVP security associations with the specified RSVP neighbor.
Interface view—Configuration applies only to RSVP security associations established on the current interface.
Configurations in RSVP neighbor view, interface view, and RSVP view are in descending order of priority. If RSVP authentication for a neighbor is enabled in both RSVP neighbor view and RSVP view with different authentication keys configured, the key configured in RSVP neighbor view is used.
To re-establish a security association, you must delete the authentication key used by the current security association or delete the current security association (using the reset rsvp authentication command). Then, the device can re-establish a security association by looking up a new authentication key in order of priorities.
After you enable RSVP authentication on the local device, you must also enable RSVP authentication and configure the same authentication key on the RSVP neighbor.
Examples
# Enable RSVP authentication globally, and configure the authentication key as a plaintext string of abcdefgh.
<Sysname> system-view [Sysname] rsvp [Sysname-rsvp] authentication key plain abcdefgh
# Enable RSVP authentication for neighbor 1.1.1.9, and configure the authentication key as a plaintext string of abcdefgh.
<Sysname> system-view [Sysname] rsvp [Sysname-rsvp] peer 1.1.1.9 [Sysname-rsvp-peer-1.1.1.9] authentication key plain abcdefgh
Related commands
authentication challenge
authentication lifetime
authentication window-size
display rsvp authentication
reset rsvp authentication
rsvp authentication challenge
rsvp authentication key
rsvp authentication lifetime
rsvp authentication window-size