Alcatel-Lucent 7450 Manual page 46

Using RSVP for MPLS
To configure the use of an authentication keychain within RSVP, use the following steps:
1. Configure an authentication keychain within the config>system>security context. The
2. Associate the configure authentication keychain with RSVP at the interface level of the
For a key entry to be valid, it must include a valid key, the current system clock value must be
within the begin and end time of the key entry, and the algorithm specified in the key entry must be
supported by the RSVP protocol.
The RSVP protocol supports the following algorithms:
•
•
•
Error handling:
•
•
Page 46
configured keychain must include at least on valid key entry, using a valid authentication
algorithm for the RSVP protocol.
CLI, this is done through the use of the "auth-keychain name" command
clear text password
HMAC-MD5
HMC-SHA-1
If a keychain exists but there are no active key entries with an authentication type that is
valid for the associated protocol then inbound protocol packets will not be authenticated
and discarded, and no outbound protocol packets should be sent.
If keychain exists but the last key entry has expired, a log entry will be raised indicating
that all keychain entries have expired. The RSVP protocol requires that the protocol not
revert to an unauthenticated state and requires that the old key is not to be used, therefore,
once the last key has expired, all traffic will be discarded.
7450 ESS MPLS Guide