The mpls rsvp-te authentication keychain command is used to configure keychain authentication.
The undo mpls rsvp-te authentication keychain command is used to disable keychain authentication.
By default, keychain authentication is not enabled.
100ge sub-interface view, 100GE interface view, 10GE sub-interface view, 10GE interface view, 25GE sub-interface view, 25GE interface view, 400GE sub-interface view, 400GE interface view, 40GE sub-interface view, 40GE interface view, 50GE sub-interface view, 50GE interface view, Eth-Trunk sub-interface view, Eth-Trunk interface view, GE optical interface view, GE sub-interface view, GE electrical interface view, GMPLS-UNI interface view, Tunnel interface view, XGE sub-interface view, XGE interface view
Usage Scenario
RSVP authentication can be configured to improve network reliability and security and prevent attacks initiated using messages modified or forged by unauthorized users.
RSVP authentication can prevent the setup of an illegal RSVP neighbor relationship using the following methods and protect the local node against attacks (such as malicious reservation of a larger number of bandwidth resources):
Precautions
User should use the same keychain configuration between the nodes which have set up LSP, otherwise the LSP will be break off or cannot be set up.
<HUAWEI> system-view [~HUAWEI] mpls [*HUAWEI-mpls] mpls te [*HUAWEI-mpls] mpls rsvp-te [*HUAWEI-mpls] quit [*HUAWEI] interface GigabitEthernet 0/1/0 [*HUAWEI-GigabitEthernet0/1/0] mpls [*HUAWEI-GigabitEthernet0/1/0] mpls te [*HUAWEI-GigabitEthernet0/1/0] mpls rsvp-te [*HUAWEI-GigabitEthernet0/1/0] mpls rsvp-te authentication keychain key123