EasyManua.ls Logo

HPE MSR1000 - Page 258

HPE MSR1000
371 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
152
Table 7 Invalid characters for a PKI domain name
Character name
Symbol
Character name
Symbol
Tilde ~ Dot .
Asterisk * Left angle bracket <
Backslash \ Right angle bracket >
Vertical bar | Quotation marks "
Colon : Apostrophe '
server-pki-domain domain-name: Specifies the PKI domain for verifying the server's certificate.
The domain-name argument represents the PKI domain name, a case-insensitive string of 1 to 31
characters, excluding the characters listed in Table 7.
prefer-compress: Specifies the preferred compression algorithm for data compression between the
server and the client. By default, compression is not supported.
zlib: Specifies the compression algorithm zlib.
source: Specifies a source IP address or source interface for SCP packets. By default, the device
uses the primary IPv4 address of the output interface in the routing entry as the source address of
SCP packets. For successful SCP connections, use one of the following methods:
Specify the loopback interface as the source interface.
Specify the IPv4 address of the loopback interface as the source IPv4 address.
interface interface-type interface-number: Specifies a source interface by its type and number. The
IPv4 address of this interface is the source IPv4 address of the SCP packets.
ip ip-address: Specifies a source IPv4 address.
Usage guidelines
If the client and the server have negotiated to use certificate authentication, the client must verify the
server's certificate. For the client to correctly get the server's certificate, you must specify the server's
PKI domain on the client by using the server-pki-domain domain-name option. The client uses the
CA certificate stored in the specified PKI domain to verify the server's certificate and does not need to
save the server's public key before authentication. If you do not specify the server's PKI domain, the
client uses the PKI domain of its own certificate to verify the server's certificate.
Examples
# Use the 128-bit Suite B algorithms to establish a connection to the SCP sever 200.1.1.1 and
download the file abc.txt from the server. Specify the client's PKI domain and the server's PKI
domain as clientpkidomain and serverpkidomain, respectively.
<Sysname> scp 200.1.1.1 get abc.txt suite-b 128-bit pki-domain clientpkidomain
server-pki-domain serverpkidomain

Table of Contents

Related product manuals