display rsvp authentication
Use display rsvp authentication to display information about the security associations established with RSVP neighbors.
Syntax
display rsvp authentication [ from ip-address ] [ to ip-address ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
from ip-address: Displays information about the security associations with the specified source IP address.
to ip-address: Displays information about the security associations with the specified destination IP address.
verbose: Displays detailed information about RSVP security associations. If you do not specify this keyword, the command displays brief information about RSVP security associations.
Usage guidelines
After RSVP authentication is enabled, the device automatically establishes security associations when sending and receiving RSVP messages. A security association includes the following information:
IP address of the authentication source node.
IP address of the authentication destination node.
Authentication direction.
Authentication type.
Authentication key.
Authentication expiration time.
The device obtains the RSVP authentication source and destination IP addresses from the IP header or RSVP message objects, as shown in Table 48.
Table 48: How to get RSVP authentication source and destination IP addresses
Message type received or sent | Authentication source IP | Authentication destination IP |
---|---|---|
Path | Address in the HOP object of the RSVP message. | Address in the SESSION object of the RSVP message. |
PathTear | Address in the HOP object of the RSVP message. | Address in the SESSION object of the RSVP message. |
PathError | Source IP address in the IP header | Destination IP address in the IP header |
Resv | Address in the HOP object of the RSVP message. | Destination IP address in the IP header |
ResvTear | Address in the HOP object of the RSVP message. | Destination IP address in the IP header |
ResvError | Address in the HOP object of the RSVP message. | Destination IP address in the IP header |
ResvConfirm | Source IP address in the IP header | Address in the CONFIRM object of the RSVP message. |
ACK | Source IP address in the IP header | Destination IP address in the IP header |
Srefresh | Source IP address in the IP header | Destination IP address in the IP header |
Hello | Source IP address in the IP header | Destination IP address in the IP header |
If you do not specify the from ip-address to ip-address options, this command displays information about the security associations established with all RSVP neighbors.
Examples
# Display brief information about the security associations established with all RSVP neighbors.
<Sysname> display rsvp authentication From To Mode Type Key-ID Expiration 57.10.10.1 57.10.10.2 Receive Interface 000103000000 280s 57.10.10.2 57.10.10.1 Send Interface 000103000000 280s
Table 49: Command output
Field | Description |
---|---|
From | RSVP authentication source IP address. |
To | RSVP authentication destination IP address. |
Mode | Direction of the security association:
|
Type | Type of the security association:
|
Key-ID | Key ID of the security association.
|
Expiration | Idle timeout remaining time of the security association, in seconds. |
# Display detailed information about the security associations established with all RSVP neighbors.
<Sysname> display rsvp authentication verbose From: 20.1.1.1 To: 4.4.4.9 Mode: Send Type: Interface Challenge: Supported Peer: 20.1.1.2 Local key ID: 0x000104000000 Peer key ID: 0x0 Lifetime: 1800 sec Expiration time: 1781 sec Window size: 1 Last sent sequence number: 5781735195480686593 From: 20.1.1.2 To: 20.1.1.1 Mode: Receive Type: Interface Challenge: Not configured Peer: 20.1.1.2 Local key ID: 0x0 Peer key ID: 0x000104000000 Lifetime: 1800 sec Expiration time: 1798 sec Window size: 1 Received sequence numbers: 5781742445385482241
Table 50: Command output
Field | Description |
---|---|
From | RSVP authentication source IP address. |
To | RSVP authentication destination IP address. |
Mode | Direction of the security association:
|
Type | Type of the security association:
|
Challenge | State of the authentication challenge-response feature:
|
Peer | IP address of the authentication neighbor. |
Local key ID | Local key ID, for a send security association. |
Peer key ID | Peer key ID, for a receive security association. |
Lifetime | Idle timeout of the security association, in seconds. |
Expiration time | Idle timeout remaining time of the security association, in seconds. |
Window size | Maximum number of out-of-sequence authenticated RSVP messages that can be received. |
Received sequence numbers | Sequence numbers of the received messages. This field can display the sequence numbers for a maximum of window-size messages. |
Last sent sequence number | Sequence number of the last sent message. |
Related commands
authentication challenge
authentication key
authentication lifetime
authentication window-size
reset rsvp authentication
rsvp authentication challenge
rsvp authentication key
rsvp authentication lifetime
rsvp authentication window-size