Match Local Address (Ikev2 Policy View) - H3C MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for MSR Series:
- Command reference manual (174 pages) ,
- Configuration manual (80 pages) ,
- Manual (33 pages)
Table of Contents
Advertisement
Predefined user roles
network-admin
Parameters
address: Specifies a local interface or IP address to which an IKEv2 profile can be applied.
interface-type interface-number: Specifies a local interface by its type and number. It can be any
Layer 3 interface.
ipv4-address: Specifies the IPv4 address of a local interface.
ipv6 ipv6-address: Specifies the IPv6 address of a local interface.
Usage guidelines
Use this command to specify which address or interface can use the IKEv2 profile for IKEv2
negotiation. The interface is the interface that receives IKEv2 packets. The IP address is the IP
address of the interface that receives IKEv2 packets.
An IKEv2 profile configured earlier has a higher priority. To give an IKEv2 profile that is configured
later a higher priority, you can configure the priority command or this command for the profile. For
example, suppose you configured IKEv2 profile A before configuring IKEv2 profile B, and you
configured the match remote identity address range 2.2.2.1 2.2.2.100 command for IKEv2 profile
A and the match remote identity address range 2.2.2.1 2.2.2.10 command for IKEv2 profile B. For
the local interface with the IP address 3.3.3.3 to negotiate with the peer 2.2.2.6, IKEv2 profile A is
preferred because IKEv2 profile A was configured earlier. To use IKEv2 profile B, you can use this
command to restrict the application scope of IKEv2 profile B to IPv4 address 3.3.3.3.
You can specify multiple applicable local interfaces or IP addresses for an IKEv2 profile.
Examples
# Create an IKEv2 profile named profile1.
<Sysname> system-view
[Sysname] ikev2 profile profile1
# Apply the IKEv2 profile profile1 to the interface whose IP address is 2.2.2.2.
[Sysname-ikev2-profile-profile1] match local address 2.2.2.2
Related commands
match remote
match local address (IKEv2 policy view)
Use match local address to specify a local interface or a local address that an IKEv2 policy
matches.
Use undo match local address to remove a local interface or a local address that an IKEv2 policy
matches.
Syntax
match local address { interface-type interface-number | ipv4-address | ipv6 ipv6-address }
undo match local address { interface-type interface-number | ipv4-address | ipv6 ipv6-address }
Default
No local interface or address is specified, and the IKEv2 policy matches any local interface or local
address.
Views
IKEv2 policy view
640
Advertisement
Table of Contents
