R2511-HP MSR Router Series Security Command Reference(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

311

312

313

314

315

316

317

318

319

320

301

# Use PKI domain pki-local for certificate signing and PKI domain pki-remote for certificate

authentication.

Related commands

• display ikev2 profile

• 　authentication

• 　pki domain

pre-shared-key (IKEv2 peer view)

Use pre-shared-key to configure a pre-shared key for a peer.

Use undo pre-shared-key to delete a pre-shared key of a peer.

Syntax

pre-shared-key [ local | remote ] [ cipher | simple ] key

undo pre-shared-key [ local | remote ]

Default

An IKEv2 peer has no pre-shared key.

Views

IKEv2 peer view

Default command level

2: System level

Parameters

local: Specifies a key for certificate signing.

remote: Specifies a key for certificate authentication.

cipher: Sets a ciphertext pre-shared key.

simple: Sets a plaintext pre-shared key.

key: Specifies the key string. This argument is case sensitive. If cipher is specified, it must be a ciphertext

string of 1 to 201 characters. If simple is specified, it must be a string of 1 to 128 characters. If neither

cipher nor simple is specified, you set a plaintext key string.

Usage guidelines

If you specify neither the local nor the remote keyword, the same key is used for both certificate signing

and certificate authentication.

For security purposes, all keys, including keys configured in plain text, are saved in cipher text.

Examples

• On an initiator　 :

# Create an IKEv2 keyring named keyr1.

<Sysname> system-view

[Sysname] ikev2 keyring keyr1

# Create an IKEv2 peer named peer1.

[Sysname-ikev2-keyring-keyr1] peer peer1