rsvp authentication challenge
Use rsvp authentication challenge to enable RSVP challenge-response handshake on an interface.
Use undo rsvp authentication challenge to disable RSVP challenge-response handshake on an interface.
Syntax
rsvp authentication challenge
undo rsvp authentication challenge
Default
RSVP challenge-response handshake is disabled on an interface.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
To prevent packet replay attacks, RSVP requires received authentication messages to carry incremental sequence numbers. RSVP saves the sequence number of the last valid message in a receive-type security association to verify the subsequent messages. However, when RSVP creates a new receive-type security association, it cannot obtain the sequence number of the sender. To successfully establish the receive-type security association, RSVP sets the receive sequence number to 0 by default. Then, the association can receive a message with any sequence number from the peer. Because this introduces a vulnerability to replay attacks, you should execute the authentication challenge command. When RSVP creates a receive-type security association, it will perform a challenge-response handshake to obtain the sequence number of the sender.
RSVP challenge-response handshake can be configured in the following views:
RSVP view—Configuration applies to all RSVP security associations.
RSVP neighbor view—Configuration applies only to RSVP security associations with the specified RSVP neighbor.
Interface view—Configuration applies only to RSVP security associations established on the current interface.
Examples
# Enable RSVP challenge-response handshake on VLAN-interface 10.
<Sysname> system-view [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] rsvp authentication challenge
Related commands
authentication challenge
authentication key
authentication lifetime
authentication window-size
display rsvp authentication
reset rsvp authentication
rsvp authentication key
rsvp authentication lifetime
rsvp authentication window-size