In the following example, the cryptographic authentication parameters, including type, key, challenge, lifetime, and window size are configured; and authentication is activated:
Device# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Device(config)# interface e0/0
Device(config-if)# ip rsvp bandwidth 7500 7500
Device(config-if)# ip rsvp authentication type sha-1
Device(config-if)# ip rsvp authentication key 11223344
Device(config-if)# ip rsvp authentication challenge
Device(config-if)# ip rsvp authentication lifetime 00:30:05
Device(config-if)# ip rsvp authentication window-size 2
Device(config-if)# ip rsvp authentication
In the following output from the
show
ip
rsvp
interface
detail command, notice the cryptographic authentication parameters that you configured for the Ethernet0/0 interface:
Device# show ip rsvp interface detail
Et0/0:
Bandwidth:
Curr allocated: 0 bits/sec
Max. allowed (total): 7500K bits/sec
Max. allowed (per flow): 7500K bits/sec
Max. allowed for LSP tunnels using sub-pools: 0 bits/sec
Set aside by policy (total): 0 bits/sec
Neighbors:
Using IP encap: 0. Using UDP encap: 0
Signalling:
Refresh reduction: disabled
Authentication: enabled
Key: 11223344
Type: sha-1
Window size: 2
Challenge: enabled
In the preceding example, the authentication key appears in clear text. If you enter the
key-config-key
1
string command, the key appears encrypted, as in the following example:
Device# show ip rsvp interface detail
Et0/0:
Bandwidth:
Curr allocated: 0 bits/sec
Max. allowed (total): 7500K bits/sec
Max. allowed (per flow): 7500K bits/sec
Max. allowed for LSP tunnels using sub-pools: 0 bits/sec
Set aside by policy (total): 0 bits/sec
Neighbors:
Using IP encap: 0. Using UDP encap: 0
Signalling:
Refresh reduction: disabled
Authentication: enabled
Key: <encrypted>
Type: sha-1
Window size: 2
Challenge: enabled
In the following output, notice that the authentication key changes from encrypted to clear text after the
no
key
config-key
1 command is issued:
Device# show running-config interface e0/0
Building configuration...
Current configuration :247 bytes
!
interface Ethernet0/0
ip address 192.168.101.2 255.255.255.0
no ip directed-broadcast
ip pim dense-mode
no ip mroute-cache
no cdp enable
ip rsvp bandwidth 7500 7500
ip rsvp authentication key 7>70>9:7<872>?74
ip rsvp authentication
end
Device# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Device(config)# no key config-key 1
Device(config)# end
Device# show running-config
*Jan 30 08:02:09.559:%SYS-5-CONFIG_I:Configured from console by console
int e0/0
Building configuration...
Current configuration :239 bytes
!
interface Ethernet0/0
ip address 192.168.101.2 255.255.255.0
no ip directed-broadcast
ip pim dense-mode
no ip mroute-cache
no cdp enable
ip rsvp bandwidth 7500 7500
ip rsvp authentication key 11223344
ip rsvp authentication
end