local-address(template)

Function

In the IPsec policy template view, the local-address command sets the IP address that the local end uses when negotiating with the peer end.

The undo local-address command restores the default setting.

By default, the local IP address is not set.

This command is supported only on the NetEngine 8000 F1A.

Format

local-address localaddr [ binding interface { ifname | iftype ifnum } vlan { start-vlan-id1 end-vlan-id1 } [ { start-vlan-id2 end-vlan-id2 } [ { start-vlan-id3 end-vlan-id3 } ] ] ]

undo local-address

Parameters

| Parameter | Description | Value |
|---|---|---|
| localaddr | Specifies the IP address of the local peer. To reduce IP address consumption, IPsec supports the IP address unnumbered function. This address can be the same as the IP address of an Ethernet main interface or sub-interface, Eth-Trunk interface or sub-interface, VLANIF interface, tunnel interface, or loopback interface on the device. | The value is in dotted decimal notation. |
| interface | Specifies the type and number of the interface. Ethernet, Eth-Trunk, and GE interfaces are supported. | - |
| start-vlan-id1 | Specifies the VLAN ID range. | The value is an integer ranging from 1 to 4094. |
| end-vlan-id1 | Specifies the VLAN ID range. | The value is an integer ranging from 1 to 4094. |
| start-vlan-id2 | Specifies the VLAN ID range. | The value is an integer ranging from 1 to 4094. |
| end-vlan-id2 | Specifies the VLAN ID range. | The value is an integer ranging from 1 to 4094. |
| start-vlan-id3 | Specifies the VLAN ID range. | The value is an integer ranging from 1 to 4094. |
| end-vlan-id3 | Specifies the VLAN ID range. | The value is an integer ranging from 1 to 4094. |
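
A pre-deployment lint for generated configurations, added here as an example (not Huawei code): it checks one local-address line against the Format and Parameters above. The interface names in the sample lines and the rule that a start VLAN ID must not exceed its end VLAN ID are assumptions, not statements from this page.

```python
import ipaddress

VLAN_MIN, VLAN_MAX = 1, 4094   # range given in the Parameters table
MAX_RANGES = 3                 # the Format line allows at most three start/end pairs

def check_local_address(line):
    """Return a list of problems found in one local-address line (empty list = OK)."""
    tok = line.split()
    if len(tok) < 2 or tok[0] != "local-address":
        return ["not a local-address command"]
    problems = []
    try:
        ipaddress.IPv4Address(tok[1])        # localaddr must be dotted decimal
    except ValueError:
        problems.append(f"localaddr {tok[1]!r} is not dotted decimal")
    rest = tok[2:]
    if not rest:
        return problems                      # the binding clause is optional
    if rest[:2] != ["binding", "interface"] or "vlan" not in rest:
        return problems + ["expected 'binding interface ... vlan ...'"]
    v = rest.index("vlan")
    if v - 2 not in (1, 2):                  # either ifname, or iftype ifnum
        problems.append("interface must be 'ifname' or 'iftype ifnum'")
    ids = rest[v + 1:]
    if not ids or len(ids) % 2 or len(ids) > 2 * MAX_RANGES:
        return problems + [f"need 1 to {MAX_RANGES} start/end VLAN pairs"]
    for i in range(0, len(ids), 2):
        pair = ids[i:i + 2]
        if not all(x.isdecimal() and VLAN_MIN <= int(x) <= VLAN_MAX for x in pair):
            problems.append(f"VLAN pair {pair} outside {VLAN_MIN}-{VLAN_MAX}")
        elif int(pair[0]) > int(pair[1]):    # assumption: start must not exceed end
            problems.append(f"VLAN pair {pair} has start > end")
    return problems

# Constructed sample lines (interface names are illustrative, not from the page).
SAMPLES = [
    "local-address 10.1.1.1",
    "local-address 10.1.1.1 binding interface GigabitEthernet 0/1/0 vlan 10 20 30 40",
    "local-address 10.1.1.256",
    "local-address 10.1.1.1 binding interface Eth-Trunk1 vlan 100 4095",
    "local-address 10.1.1.1 binding interface Eth-Trunk1 vlan 1 2 3 4 5 6 7 8",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_local_address(s) or "OK")
```
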

Views

IPsec policy template view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
|---|---|
| ike | write |

Usage Guidelines

The local IP address must be configured when the interface at the initiating end of the IPsec tunnel has multiple IP addresses, or when IPsec is used in a dual-system hot backup environment.

If the IP address of the local peer is the same as that of another interface on the device and the IPSec policy is configured on a tunnel interface, the device automatically generates the binding tunnel ipsec command configuration on the interface. This indicates that the interface has the IPSec policy bound, and therefore cannot be used for other services.

After an IPSec policy is applied to an interface, you cannot run the local-address command to modify the local IP address of the IPSec policy.

When different tunnel interfaces send negotiation packets with the same IP address, the inbound interface is used to identify the peer being addressed.

Example

# Assign 10.1.1.1 to the local end negotiating with the peer end in IPsec policy 1.
<HUAWEI> system-view
[~HUAWEI] ipsec policy-template policy1 1
[*HUAWEI-ipsec-policy-templet-policy1-1] local-address 10.1.1.1
Copyright © Huawei Technologies Co., Ltd.