557
pki domain
config-exchange
Use
config-exchange
to enable configuration exchange.
Use
undo config-exchange
to disable configuration exchange.
Syntax
config-exchange
{
request
|
set
{
accept
|
send
} }
undo config-exchange
{
request
|
set
{
accept
|
send
} }
Default
Configuration exchange is disabled.
Views
IKEv2 profile view
Predefined user roles
network-admin
Parameters
request
: Enables the device to send request messages carrying the configuration request payload
during the IKE_AUTH exchange.
set
: Specifies the configuration set payload exchange.
accept
: Enables the device to accept the configuration set payload carried in Info messages.
send
: Enables the device to send Info messages carrying the configuration set payload.
Usage guidelines
The configuration exchange feature enables the local and remote ends to exchange configuration
data, such as gateway address, internal IP address, and route. The exchange includes data request
and response, and data push and response. The enterprise center can push IP addresses to
branches. The branches can request IP addresses, but the requested IP addresses cannot be used.
You can specify both
request
and
set
for the device.
If you specify
request
for the local end, the remote end will respond if it can obtain the requested
data through AAA authorization.
If you specify
set send
for the local end, you must specify
set accept
for the remote end.
The device with
set send
specified pushes an IP address after the IKEv2 SA is set up if it does not
receive any configuration request from the peer.
Examples
# Create an IKEv2 profile named
profile1
.
<Sysname> system-view
[Sysname] ikev2 profile profile1
# Enable the local end to add the configuration request payload to the request message of
IKE_AUTH exchange.
[Sysname-ikev2-profile-profile1] config-exchange request
Related commands
aaa authorization
configuration policy
Summary of Contents for FlexNetwork MSR Series
Page 1005: ...987 ...