cmp source interface

Function

The cmp source interface command configures the source interface of CMPv2 packets. The IP address of the configured source interface is used as the source IP address of the packets sent from the device to the CMPv2 server.

The undo cmp source interface command deletes the source interface configured for CMPv2 packets.

By default, the source IP address of CMPv2 packets is obtained based on the destination IP address in the routing table.

Format

cmp source interface { interface-name | interface-type interface-number }

undo cmp source interface [ interface-name | interface-type interface-number ]

Parameters

Parameter | Description | Value
interface-type interface-number | Specifies the type and number of an interface. | -

Views

PKI CMP session view, VS PKI CMP session view

Default Level

2: Configuration level

Task Name and Operations

Task Name | Operations
pki | write

Usage Guidelines

Usage Scenario

When a device exchanges packets with the CMPv2 server to apply for certificates, the IP address of the outbound interface of the reachable route to the server is used by default as the source IP address of the packets. If a different route is used, the outbound interface may change, causing the following problems:

  • The source IP address of CMPv2 packets changes, requiring the device and the PKI system to perform CMP renegotiation.
  • If there is a firewall between the device and the PKI system, the source IP address of CMPv2 packets cannot be specified on the firewall, which increases security risks.

To resolve the preceding problems, run the cmp source interface command to specify a source interface for CMPv2 packets. After a source interface is specified for CMPv2 packets, the IP address of this interface is used as the source IP address of the packets sent from the device to the CMPv2 server.

Example

# Specify LoopBack 1 as the source interface for packets of CMP session session1.
<HUAWEI> system-view
[~HUAWEI] interface LoopBack 1
[*HUAWEI-LoopBack1] ip address 10.1.1.1 32
[*HUAWEI-LoopBack1] commit
[~HUAWEI-LoopBack1] quit
[~HUAWEI] pki domain domain1
[*HUAWEI-pki-domain-domain1] pki cmp session session1
[*HUAWEI-pki-domain-domain1-pki-cmp-session-session1] cmp source interface loopback 1
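
The following audit sketch is an added example, not part of the original Huawei documentation. It scans a configuration text for CMP sessions whose source interface is not pinned, or is pinned to an interface without an IP address, so that a firewall rule can rely on a fixed source. The indented configuration layout, the function name audit_cmp_source and the sample contents are assumptions constructed for illustration.

```python
import re

# Constructed sample; the indented saved-configuration layout is an assumption.
SAMPLE_CONFIG = """\
interface LoopBack1
 ip address 10.1.1.1 255.255.255.255
#
interface LoopBack2
#
pki domain domain1
 pki cmp session session1
  cmp source interface LoopBack1
 pki cmp session session2
#
pki domain domain2
 pki cmp session session3
  cmp source interface LoopBack2
"""

def audit_cmp_source(config: str) -> dict:
    """Map 'domain/session' to a finding about its CMPv2 source interface."""
    addressed = set()   # interfaces that have an IP address configured
    sessions = {}       # 'domain/session' -> pinned interface, or None
    iface = domain = session = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):   # top-level line: leave the current view
            iface = domain = session = None
            if m := re.fullmatch(r"interface (\S+)", line):
                iface = m.group(1).lower()
            elif m := re.fullmatch(r"pki domain (\S+)", line):
                domain = m.group(1)
        elif iface and line.startswith("ip address "):
            addressed.add(iface)
        elif domain and (m := re.fullmatch(r"pki cmp session (\S+)", line)):
            session = f"{domain}/{m.group(1)}"
            sessions[session] = None
        elif session and (m := re.fullmatch(r"cmp source interface (.+)", line)):
            sessions[session] = m.group(1).replace(" ", "").lower()
    findings = {}
    for name, src in sessions.items():
        if src is None:
            findings[name] = "unpinned: source IP follows the routing table"
        elif src not in addressed:
            findings[name] = f"pinned to {src}, which has no IP address"
        else:
            findings[name] = f"ok: pinned to {src}"
    return findings
```

Calling audit_cmp_source(SAMPLE_CONFIG) reports session1 as pinned, session2 as unpinned, and session3 as pinned to an interface with no address.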
Copyright © Huawei Technologies Co., Ltd.