H3C S6550X-HI Series Command Reference Manual page 2367

•
key-id key-id-string
The
key-id-string
usually a vendor-specific string for doing proprietary types of identification.
Usage guidelines
The device compares the received peer ID with the peer IDs configured in local IKEv2 profiles. If a
match is found, it uses the IKEv2 profile with the matching peer ID for IKEv2 negotiation.
If the device has the
configured, it uses the IKEv2 profile that matches all the criteria configured by the commands.
To make sure only one IKEv2 profile is matched for a peer, do not configure the same peer ID for two
or more IKEv2 profiles. If you configure the same peer ID for two or more IKEv2 profiles, which IKEv2
profile is selected for IKEv2 negotiation is unpredictable.
You can configure an IKEv2 profile to match multiple peer IDs. A peer ID configured earlier has a
higher priority.
Examples
# Create an IKEv2 profile named profile1.
<Sysname> system-view
[Sysname] ikev2 profile profile1
# Configure the IKEv2 profile to match the peer ID that is FQDN name www.test.com.
[Sysname-ikev2-profile-profile1] match remote identity fqdn www.test.com
# Configure the IKEv2 profile to match the peer ID that is IP address 10.1.1.1.
[Sysname-ikev2-profile-profile1]match remote identity address 10.1.1.1
Related commands
identity local
match local address
match vrf
match vrf (IKEv2 policy view)
Use
match vrf
Use
undo match vrf
Syntax
match vrf { name vrf-name | any }
undo match vrf
Default
No VPN instance is specified, and the IKEv2 policy matches all local IP addresses in the public
network.
Views
IKEv2 policy view
Predefined user roles
network-admin
Parameters
name vrf-name
characters.
: Uses the peer's key ID as the peer ID for IKEv2 profile matching.
argument is a case-sensitive string of 1 to 255 characters, and is
,
match remote
to specify a VPN instance that an IKEv2 policy matches.
to restore the default.
: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31
, and
match vrf match local address
33
commands