rsvp authentication challenge

Use rsvp authentication challenge to enable RSVP challenge-response handshake on an interface.

Use undo rsvp authentication challenge to disable RSVP challenge-response handshake on an interface.

Syntax

rsvp authentication challenge

undo rsvp authentication challenge

Default

RSVP challenge-response handshake is disabled on an interface.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

To prevent packet replay attacks, RSVP requires received authentication messages to carry incrementing sequence numbers. RSVP saves the sequence number of the last valid message in a receive-type security association and uses it to verify subsequent messages. However, when RSVP creates a new receive-type security association, it does not know the sender's current sequence number. So that the association can still be established, RSVP sets the receive sequence number to 0 by default, and the association then accepts a message with any sequence number from the peer. Because this leaves the new association open to replay attacks, you should execute the authentication challenge command. With the command configured, RSVP performs a challenge-response handshake whenever it creates a receive-type security association, to obtain the sequence number of the sender.
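The following Python model is an added illustration of the behavior described above, not device code or vendor code. The class and function names, the HMAC-SHA256 digest, the key, and the sequence numbers are all assumptions constructed for the example; it compares a new receive-type security association with and without the challenge-response handshake.

```python
import hashlib
import hmac
import os

KEY = b"constructed-shared-key"  # constructed key; HMAC-SHA256 is an assumption

def digest(seq: int, body: bytes) -> bytes:
    return hmac.new(KEY, seq.to_bytes(8, "big") + body, hashlib.sha256).digest()

class ReceiveSA:
    """Simplified model of a new receive-type security association."""
    def __init__(self, challenge: bool):
        self.last_seq = 0             # default: sender's number is unknown
        self.synced = not challenge   # without challenge, accept immediately
        self.cookie = None

    def start_challenge(self) -> bytes:
        self.cookie = os.urandom(16)  # fresh random value the peer must echo
        return self.cookie

    def finish_challenge(self, cookie: bytes, seq: int, mac: bytes) -> bool:
        ok = (self.cookie is not None
              and hmac.compare_digest(cookie, self.cookie)
              and hmac.compare_digest(mac, digest(seq, cookie)))
        if ok:  # learn the sender's current sequence number
            self.last_seq, self.synced, self.cookie = seq, True, None
        return ok

    def accept(self, seq: int, body: bytes, mac: bytes) -> bool:
        if not self.synced or not hmac.compare_digest(mac, digest(seq, body)):
            return False              # handshake pending or bad digest
        if seq <= self.last_seq:      # not incremental: treat as a replay
            return False
        self.last_seq = seq
        return True

def replay_accepted(challenge: bool) -> bool:
    """True if an old, validly signed message is accepted by a new association."""
    sender_seq = 500                                        # constructed
    old = (120, b"PATH lsp-1", digest(120, b"PATH lsp-1"))  # constructed
    sa = ReceiveSA(challenge)
    if challenge:
        c = sa.start_challenge()
        sa.finish_challenge(c, sender_seq, digest(sender_seq, c))
    return sa.accept(*old)

if __name__ == "__main__":
    for mode in (False, True):
        print(f"challenge={mode}: replay accepted = {replay_accepted(mode)}")
```

In this model, the old message passes the digest check in both cases; only the sequence number learned through the handshake causes it to be rejected.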

RSVP challenge-response handshake can be configured in the following views:

Examples

# Enable RSVP challenge-response handshake on VLAN-interface 10.

<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] rsvp authentication challenge

Related commands

authentication challenge

authentication key

authentication lifetime

authentication window-size

display rsvp authentication

reset rsvp authentication

rsvp authentication key

rsvp authentication lifetime

rsvp authentication window-size