HP FlexNetwork MSR Series Configuration Manual page 183
Hide thumbs
Also See for FlexNetwork MSR Series:
- Command reference manual (1005 pages) ,
- Configuration manuals (159 pages)
Table of Contents
Advertisement
# Retrieve the CA certificate from the certificate issuing server.
[RouterA] pki retrieval-certificate ca domain voice
# Request a local certificate from the CA.
[RouterA] pki request-certificate domain voice
# Create an SSL server policy named server and configure the policy to use PKI domain voice.
[RouterA] ssl server-policy server
[RouterA-ssl-server-policy-server] pki-domain voice
# Create an SSL client policy named client and configure the policy to use PKI domain voice.
[RouterA] ssl client-policy client
[RouterA-ssl-client-policy-server] pki-domain voice
# Reference the created SSL server and client policies for SIP, and then specify TLS as the
transport layer protocol for both outgoing and incoming SIP calls.
[RouterA] voice-setup
[RouterA-voice] sip
[RouterA-voice-sip] crypto ssl-server-policy server
[RouterA-voice-sip] crypto ssl-client-policy client
[RouterA-voice-sip] listen transport tls
[RouterA-voice-sip] transport tls
[RouterA-voice-sip] quit
# Configure the voice entities.
[RouterA-voice] dial-program
[RouterA-voice-dial] entity 2222 voip
[RouterA-voice-dial-entity2222] address sip ip 192.168.2.2 port 5061
[RouterA-voice-dial-entity2222] match-template 2222
[RouterA-voice-dial-entity2222] quit
[RouterA-voice-dial] entity 1111 pots
[RouterA-voice-dial-entity1111] line 1/0
[RouterA-voice-dial-entity1111] match-template 1111
[RouterA-voice-dial-entity1111] quit
[RouterA-voice-dial] quit
2.
Configure Router B:
# Configure the IP address of the Ethernet interface.
<RouterB> system-view
[RouterB] interface ethernet 2/1
[RouterB-Ethernet2/1] ip address 192.168.2.2 255.255.255.0
[RouterB-Ethernet2/1] quit
# Create a PKI entity aaa, enter its view, and then configure the common name of the entity as
RouterB.
[RouterB] pki entity aaa
[RouterB-pki-entity-aaa] common-name RouterB
[RouterB-pki-entity-aaa] quit
# Create a PKI domain voice, enter its view, and then specify the trusted CA as voice.
[RouterB] pki domain voice
[RouterB-pki-domain-voice] ca identifier voice
# Specify the URL of the registrar for certificate request. The URL is in the format of
http://host:port/Issuing Jurisdiction ID, where Issuing Jurisdiction ID is a hexadecimal
character string generated on the CA server. Then, specify the authority for certificate request
as CA, and specify the entity for certificate request as aaa.
170
Advertisement
Table of Contents
Troubleshooting
