RSVP Authentication by Using All the Modes: Example
RSVP Authentication by Using All the Modes: Example
The configuration example shows how to perform the following functions:
• Authenticates all RSVP messages.
• Authenticates the RSVP messages to or from 10.0.0.1 by setting the keychain for the key-source
• Authenticates the RSVP messages not to or from 10.0.0.1 by setting the keychain for the key-source
rsvp
interface GigabitEthernet0/6/0/0
!
neighbor 10.0.0.1
!
authentication
!
!
Note
If a keychain does not exist or contain valid keys, this is considered a configuration error because signaling
fails. However, this can be intended to prevent signaling. For example, when using the above configuration,
if the nbr_keys does not contain valid keys, all signaling with 10.0.0.1 fails.
Related Topics
Configuring the Window Size for RSVP Authentication in Global Configuration Mode, on page 136
Configuring the Window Size for an Interface for RSVP Authentication, on page 140
Configuring the Window Size for RSVP Neighbor Authentication, on page 144
Guidelines for Window-Size and Out-of-Sequence Messages, on page 122
Specifying the RSVP Authentication Keychain in Interface Mode, on page 137
Global, Interface, and Neighbor Authentication Modes, on page 119
Configuring a Lifetime for an Interface for RSVP Authentication, on page 139
RSVP Authentication Design, on page 118
Additional References
For additional information related to implementing GMPLS UNI, refer to the following references:
Cisco IOS XR MPLS Configuration Guide for the Cisco CRS Router, Release 5.1.x
152
key-chain command to nbr_keys, SA lifetime is set to 3600, and the default window-size is set to 1.
key-chain command to default_keys, SA lifetime is set to 3600, and the window-size is set 64 when
using GigabitEthernet0/6/0/0; otherwise, the default value of 1 is used.
authentication
window-size 64
!
authentication
key-source key-chain nbr_keys
!
key-source key-chain default_keys
life-time 3600
Implementing RSVP for MPLS-TE and MPLS O-UNI