rsvp authentication key
Use rsvp authentication key to enable RSVP authentication on an interface and configure the authentication key.
Use undo rsvp authentication key to disable RSVP authentication on an interface.
Syntax
rsvp authentication key { cipher | plain } string
undo rsvp authentication key
Default
RSVP authentication is disabled.
Views
Interface view
Predefined user roles
network-admin
Parameters
cipher: Specifies an authentication key in encrypted form.
plain: Specifies an authentication key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.
string: Specifies the authentication key. Its plaintext form is a case-sensitive string of 1 to 16 characters. Its encrypted form is a case-sensitive string of 1 to 53 characters.
Usage guidelines
RSVP authentication ensures integrity of RSVP messages, preventing fake resource reservation requests from occupying network resources.
RSVP uses MD5 to calculate a digest for the authentication key and the message body, adds the digest to the message, and sends the message. When the peer receives the message, it performs the same calculation and compares the calculated digest with the digest in the message. If the two digests are the same, the message passes the RSVP authentication and is accepted. If the two digests are different, the peer device discards the message.
RSVP authentication can be configured in the following views:
RSVP view—Configuration applies to all RSVP security associations.
RSVP neighbor view—Configuration applies only to RSVP security associations with the specified RSVP neighbor.
Interface view—Configuration applies only to RSVP security associations established on the current interface.
Configurations in RSVP neighbor view, interface view, and RSVP view are in descending order of priority. If RSVP authentication for a neighbor is enabled in both RSVP neighbor view and RSVP view, the authentication key configured in RSVP neighbor view is used.
To re-establish a security association, you must delete the authentication key used by the current security association or delete the current security association (using the reset rsvp authentication command). Then, the device can re-establish a security association by looking up a new authentication key in order of priorities.
After RSVP authentication is enabled on the local device, you must also enable RSVP authentication and configure the same authentication key on the RSVP neighbor.
Examples
# Enable RSVP authentication and configure an authentication key of abcdefgh on VLAN-interface 10.
<Sysname> system-view [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] rsvp authentication key plain abcdefgh
Related commands
authentication challenge
authentication key
authentication lifetime
authentication window-size
display rsvp authentication
reset rsvp authentication
rsvp authentication challenge
rsvp authentication lifetime
rsvp authentication window-size