In the following example, the cryptographic authentication parameters, including type, key, challenge, lifetime, and window size are configured; and authentication is activated:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface e0/0
Router(config-if)# ip rsvp bandwidth 7500 7500
Router(config-if)# ip rsvp authentication type sha-1
Router(config-if)# ip rsvp authentication key 11223344
Router(config-if)# ip rsvp authentication challenge
Router(config-if)# ip rsvp authentication lifetime 00:30:05
Router(config-if)# ip rsvp authentication window-size 2
Router(config-if)# ip rsvp authentication
In the following output from the show ip rsvp interface detail command, notice the cryptographic authentication parameters that you configured for the Ethernet0/0 interface:
Router# show ip rsvp interface detail
Et0/0:
Bandwidth:
Curr allocated: 0 bits/sec
Max. allowed (total): 7500K bits/sec
Max. allowed (per flow): 7500K bits/sec
Max. allowed for LSP tunnels using sub-pools: 0 bits/sec
Set aside by policy (total): 0 bits/sec
Neighbors:
Using IP encap: 0. Using UDP encap: 0
Signalling:
Refresh reduction: disabled
Authentication: enabled
Key: 11223344
Type: sha-1
Window size: 2
Challenge: enabled
In the preceding example, the authentication key appears in clear text. If you enter the key-config-key 1 string command, the key appears encrypted, as in the following example:
Router# show ip rsvp interface detail
Et0/0:
Bandwidth:
Curr allocated: 0 bits/sec
Max. allowed (total): 7500K bits/sec
Max. allowed (per flow): 7500K bits/sec
Max. allowed for LSP tunnels using sub-pools: 0 bits/sec
Set aside by policy (total): 0 bits/sec
Neighbors:
Using IP encap: 0. Using UDP encap: 0
Signalling:
Refresh reduction: disabled
Authentication: enabled
Key: <encrypted>
Type: sha-1
Window size: 2
Challenge: enabled
In the following output, notice that the authentication key changes from encrypted to clear text after the no key config-key 1 command is issued:
Router# show running-config interface e0/0
Building configuration...
Current configuration :247 bytes
!
interface Ethernet0/0
ip address 192.168.101.2 255.255.255.0
no ip directed-broadcast
ip pim dense-mode
no ip mroute-cache
no cdp enable
ip rsvp bandwidth 7500 7500
ip rsvp authentication key 7>70>9:7<872>?74
ip rsvp authentication
end
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# no key config-key 1
Router(config)# end
Router# show running-config
*Jan 30 08:02:09.559:%SYS-5-CONFIG_I:Configured from console by console
int e0/0
Building configuration...
Current configuration :239 bytes
!
interface Ethernet0/0
ip address 192.168.101.2 255.255.255.0
no ip directed-broadcast
ip pim dense-mode
no ip mroute-cache
no cdp enable
ip rsvp bandwidth 7500 7500
ip rsvp authentication key 11223344
ip rsvp authentication
end