EasyManuals Logo

HPE MSR3000 User Manual

HPE MSR3000
371 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #222 background imageLoading...
Page #222 background image
116
Usage guidelines
If you specify the local or remote keyword, you configure an asymmetric key. If you specify neither
the local nor the remote keyword, you configure a symmetric key.
To delete a key by using the undo command, you must specify the correct key type. For example, if
you configure a key by using the pre-shared-key local command, you cannot delete the key by
using the undo pre-shared-key or undo pre-shared-key remote command.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
•
On the initiator:
# Create an IKEv2 keychain named key1.
<Sysname> system-view
[Sysname] ikev2 keychain key1
# Create an IKEv2 peer named peer1.
[Sysname-ikev2-keychain-key1] peer peer1
# Configure the symmetric plaintext pre-shared key 111-key.
[Sysname-ikev2-keychain-key1-peer-peer1] pre-shared-key plaintext 111-key
[Sysname-ikev2-keychain-key1-peer-peer1] quit
# Create an IKEv2 peer named peer2.
[Sysname-ikev2-keychain-key1] peer peer2
# Configure asymmetric plaintext pre-shared keys. The key for certificate signing is 111-key-a
and the key for certificate authentication is 111-key-b.
[Sysname-ikev2-keychain-key1-peer-peer2] pre-shared-key local plaintext 111-key-a
[Sysname-ikev2-keychain-key1-peer-peer2] pre-shared-key remote plaintext 111-key-b
•
On the responder:
# Create an IKEv2 keychain named telecom.
<Sysname> system-view
[Sysname] ikev2 keychain telecom
# Create an IKEv2 peer named peer1.
[Sysname-ikev2-keychain-telecom] peer peer1
# Configure the symmetric plaintext pre-shared key 111-key.
[Sysname-ikev2-keychain-telecom-peer-peer1] pre-shared-key plaintext 111-key
[Sysname-ikev2-keychain-telecom-peer-peer1] quit
# Create an IKEv2 peer named peer2.
[Sysname-ikev2-keychain-telecom] peer peer2
# Configure asymmetric plaintext pre-shared keys. The key for certificate signing is 111-key-b
and the key for certificate authentication is 111-key-a.
[Sysname-ikev2-keychain-telecom-peer-peer2] pre-shared-key local plaintext
111-key-b
[Sysname-ikev2-keychain-telecom-peer-peer2] pre-shared-key remote plaintext
111-key-a

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE MSR3000 and is the answer not in the manual?

HPE MSR3000 Specifications

General IconGeneral
BrandHPE
ModelMSR3000
CategoryNetwork Router
LanguageEnglish

Related product manuals