display rsvp authentication

Use display rsvp authentication to display information about the security associations established with RSVP neighbors.

Syntax

display rsvp authentication [ from ip-address ] [ to ip-address ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

from ip-address: Displays information about the security associations with the specified source IP address.

to ip-address: Displays information about the security associations with the specified destination IP address.

verbose: Displays detailed information about RSVP security associations. If you do not specify this keyword, the command displays brief information about RSVP security associations.

Usage guidelines

After RSVP authentication is enabled, the device automatically establishes security associations when sending and receiving RSVP messages. A security association includes the following information:

IP address of the authentication source node.
IP address of the authentication destination node.
Authentication direction.
Authentication type.
Authentication key.
Authentication expiration time.

The device obtains the RSVP authentication source and destination IP addresses from the IP header or RSVP message objects, as shown in Table 48.

Table 48: How to get RSVP authentication source and destination IP addresses

Message type received or sent	Authentication source IP	Authentication destination IP
Path	Address in the HOP object of the RSVP message.	Address in the SESSION object of the RSVP message.
PathTear	Address in the HOP object of the RSVP message.	Address in the SESSION object of the RSVP message.
PathError	Source IP address in the IP header	Destination IP address in the IP header
Resv	Address in the HOP object of the RSVP message.	Destination IP address in the IP header
ResvTear	Address in the HOP object of the RSVP message.	Destination IP address in the IP header
ResvError	Address in the HOP object of the RSVP message.	Destination IP address in the IP header
ResvConfirm	Source IP address in the IP header	Address in the CONFIRM object of the RSVP message.
ACK	Source IP address in the IP header	Destination IP address in the IP header
Srefresh	Source IP address in the IP header	Destination IP address in the IP header
Hello	Source IP address in the IP header	Destination IP address in the IP header

If you do not specify the from ip-address to ip-address options, this command displays information about the security associations established with all RSVP neighbors.

Examples

# Display brief information about the security associations established with all RSVP neighbors.

<Sysname> display rsvp authentication
From            To              Mode    Type      Key-ID       Expiration
57.10.10.1      57.10.10.2      Receive Interface 000103000000 280s
57.10.10.2      57.10.10.1      Send    Interface 000103000000 280s

Table 49: Command output

Field	Description
From	RSVP authentication source IP address.
To	RSVP authentication destination IP address.
Mode	Direction of the security association: Receive—Receive security association, used to authenticate messages received from an RSVP neighbor. Send—Send security association, used to authenticate messages sent to an RSVP neighbor.
Type	Type of the security association: Peer—Security association established in RSVP neighbor view. Interface—Security association established in interface view. Global—Security association established in RSVP view.
Key-ID	Key ID of the security association. For a send security association, this field displays the local key ID. For a receive security association, this field displays the key ID received from the peer.
Expiration	Idle timeout remaining time of the security association, in seconds.

# Display detailed information about the security associations established with all RSVP neighbors.

<Sysname> display rsvp authentication verbose
From: 20.1.1.1                            To: 4.4.4.9
Mode: Send                                Type: Interface
Challenge: Supported                      Peer: 20.1.1.2
Local key ID: 0x000104000000              Peer key ID: 0x0
Lifetime: 1800 sec                        Expiration time: 1781 sec
Window size: 1
Last sent sequence number:
  5781735195480686593

From: 20.1.1.2                            To: 20.1.1.1
Mode: Receive                             Type: Interface
Challenge: Not configured                 Peer: 20.1.1.2
Local key ID: 0x0                         Peer key ID: 0x000104000000
Lifetime: 1800 sec                        Expiration time: 1798 sec
Window size: 1
Received sequence numbers:
  5781742445385482241

Table 50: Command output

Field	Description
From	RSVP authentication source IP address.
To	RSVP authentication destination IP address.
Mode	Direction of the security association: Receive—Receive security association, used to authenticate messages received from an RSVP neighbor. Send—Send security association, used to authenticate messages sent to an RSVP neighbor.
Type	Type of the security association: Peer—Security association established in RSVP neighbor view. Interface—Security association established in interface view. Global—Security association established in RSVP view.
Challenge	State of the authentication challenge-response feature: Not configured—The challenge-response handshake feature is disabled locally. (For a receive security association.) Configured—The challenge-response handshake feature is enabled locally. (For a receive security association.) In progress—The local device has sent an Integrity Challenge message to the peer and is waiting for the Integrity Response message from the peer. Completed—The local device has received an Integrity Response message from the peer and the message has passed the authentication. Failed—The Failed state is displayed when one of the following events occurs: The local device has received an Integrity Response message from the peer but the message failed the authentication. The local device has not received any valid Integrity Response after sending three Integrity Challenge messages to the peer. The challenge-response feature is disabled on the peer. Supported—The local device supports the challenge-response feature. (For a send security association.)
Peer	IP address of the authentication neighbor.
Local key ID	Local key ID, for a send security association.
Peer key ID	Peer key ID, for a receive security association.
Lifetime	Idle timeout of the security association, in seconds.
Expiration time	Idle timeout remaining time of the security association, in seconds.
Window size	Maximum number of out-of-sequence authenticated RSVP messages that can be received.
Received sequence numbers	Sequence numbers of the received messages. This field can display the sequence numbers for a maximum of window-size messages.
Last sent sequence number	Sequence number of the last sent message.

Related commands

authentication challenge

authentication key

authentication lifetime

authentication window-size

reset rsvp authentication

rsvp authentication challenge

rsvp authentication key

rsvp authentication lifetime

rsvp authentication window-size

prev	up	next
display rsvp	home	display rsvp lsp