HP MSR2000/3000/4000 Router Series MPLS Command Reference
Related commands
• mpls te
• rsvp enable
rsvp authentication challenge
Use rsvp authentication challenge to enable RSVP challenge-response handshake on an interface.
Use undo rsvp authentication challenge to disable RSVP challenge-response handshake on an interface.
Syntax
rsvp authentication challenge
undo rsvp authentication challenge
Default
RSVP challenge-response handshake is disabled on an interface.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
To prevent packet replay attacks, RSVP requires received authentication messages to carry incremental
sequence numbers. RSVP saves the sequence number of the last valid message in a receive-type security
association to verify the subsequent messages. However, when RSVP creates a new receive-type security
association, it cannot obtain the sequence number of the sender. To successfully establish the
receive-type security association, RSVP sets the receive sequence number to 0 by default, so the
association can receive a message with any sequence number from the peer. Because this introduces a
vulnerability to replay attacks, you should execute the authentication challenge command. When RSVP
creates a receive-type security association, it will perform a challenge-response handshake to obtain the
sequence number of the sender.
RSVP challenge-response handshake can be configured in the following views:
• RSVP view—Configuration in this view applies to all RSVP messages.
• RSVP neighbor view—Configuration in this view applies only to RSVP messages received from and
sent to the specified neighbor.
• Interface view—Configuration in this view applies only to RSVP messages received and sent by the
current interface.
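The replay window described in the usage guidelines can be seen in a small model, added here as an illustration and not taken from HP's documentation or router code. It compares a new receive-type security association that starts at sequence number 0 with one that first learns the sender's sequence number through a challenge. The class names, the message tuple layout, the random cookie, and the use of HMAC-SHA256 are assumptions of this sketch, and the handshake is simplified to a direct call.

```python
import hashlib
import hmac
import os

KEY = b"constructed-shared-key"  # constructed sample key, not a real credential

def tag(key, seq, payload):
    """Keyed digest over sequence number and payload (HMAC-SHA256 is an assumption)."""
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()

class Sender:
    def __init__(self, key, seq):
        self.key, self.seq = key, seq

    def send(self, payload):
        self.seq += 1  # every authenticated message carries a higher number
        return (self.seq, payload, tag(self.key, self.seq, payload))

class ReceiveSA:
    """Receive-type security association (hypothetical model)."""
    def __init__(self, key, challenge_peer=None):
        self.key, self.last_seq = key, 0  # 0 = any sequence number is accepted
        if challenge_peer is not None:
            cookie = os.urandom(16)  # fresh value, so an old response cannot be reused
            seq, payload, mac = challenge_peer.send(b"RESP" + cookie)
            ok = hmac.compare_digest(mac, tag(key, seq, payload))
            if not ok or payload != b"RESP" + cookie:
                raise ValueError("challenge-response handshake failed")
            self.last_seq = seq  # learned from the live sender

    def accept(self, msg):
        seq, payload, mac = msg
        if not hmac.compare_digest(mac, tag(self.key, seq, payload)):
            return False  # wrong key or altered message
        if seq <= self.last_seq:
            return False  # replayed or stale
        self.last_seq = seq
        return True

def demo():
    sender = Sender(KEY, seq=1000)
    recorded = sender.send(b"PATH lsp-1")      # validly signed, recorded earlier
    no_challenge = ReceiveSA(KEY)               # new association, sequence number 0
    with_challenge = ReceiveSA(KEY, challenge_peer=sender)
    return {
        "replay_without_challenge": no_challenge.accept(recorded),
        "replay_with_challenge": with_challenge.accept(recorded),
        "fresh_with_challenge": with_challenge.accept(sender.send(b"PATH lsp-1")),
    }
```

Calling `demo()` shows that the recorded message passes the new association without a challenge, is rejected once the sequence number has been learned from the sender, and that the sender's next message is still accepted.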
Examples
# Enable RSVP challenge-response handshake on interface Ethernet 1/1.
<Sysname> system-view
[Sysname] interface ethernet 1/1
[Sysname-Ethernet1/1] rsvp authentication challenge
Related commands
• authentication challenge
• authentication key