R0106-HP MSR Router Series Security Command Reference(V7)

Parameters
address { ipv4-address | ipv6 ipv6-address }: Uses an IPv4 or IPv6 address as the identity.
dn: Uses the DN in the digital signature as the identity.
fqdn fqdn-name: Uses the FQDN name as the identity. The fqdn-name argument is a case-sensitive string
of 1 to 255 characters, for example, www.test.com. If you do not specify this argument, the device name
configured by using the sysname command is used as the local FQDN.
user-fqdn user-fqdn-name: Uses the user FQDN name as the identity. The user-fqdn-name argument is a
case-sensitive string of 1 to 255 characters, for example, abc@test.com. If you do not specify this
argument, the device name configured by using the sysname command is used as the user FQDN.
Usage guidelines
The global identity can be used by the device for all IKE SA negotiations. The local identity (set by the
local-identity command) can be used only by the device that uses the IKE profile.
In pre-shared key authentication, you cannot set the DN as the identity.
In signature authentication:
• You can set any type of identity information.
• The ike signature-identity from-certificate command sets the local device to always use the identity
  information obtained from the local certificate.
• If the ike signature-identity from-certificate command is not set, the local-identity command
  configuration, if configured, takes precedence over the ike identity command configuration.
Examples
# Set the IP address 2.2.2.2 as the identity.
<sysname> system-view
[sysname] ike identity address 2.2.2.2
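The following is an added example, not part of the HP reference and not an HP tool: a small Python audit helper that applies the precedence rules from the usage guidelines to a saved configuration and reports which identity a given IKE profile would present. It assumes that sub-view lines are indented by one space, that local-identity accepts the same identity arguments as ike identity, that the caller supplies the authentication method, and that the profile-over-global precedence also holds for pre-shared key authentication; the sample configuration and profile names are constructed.

```python
import re

# Added example: hypothetical audit helper, not an HP tool.
ID_RE = re.compile(r"^(?:ike identity|local-identity)\s+"
                   r"(address|dn|fqdn|user-fqdn)\b\s*(.*)$")

# Constructed sample in display current-configuration style.
SAMPLE = """\
sysname RouterA
ike identity fqdn
ike profile branch
 local-identity dn
ike profile hub
"""

def parse(config):
    """Return (sysname, from_cert, global_id, {profile: local_id})."""
    sysname, from_cert, global_id, profiles, current = None, False, None, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None  # an unindented line leaves IKE profile view
        if line.startswith("sysname "):
            sysname = line.split(None, 1)[1]
        elif line == "ike signature-identity from-certificate":
            from_cert = True
        elif line.startswith("ike profile "):
            current = line.split()[2]
            profiles[current] = None
        elif (m := ID_RE.match(line)):
            ident = (m.group(1), m.group(2).replace("ipv6 ", "").strip() or None)
            if line.startswith("ike identity"):
                global_id = ident
            elif current:
                profiles[current] = ident
    return sysname, from_cert, global_id, profiles

def effective_identity(config, profile, auth):
    """auth: 'pre-share' or 'signature', supplied by the caller."""
    sysname, from_cert, global_id, profiles = parse(config)
    if auth == "signature" and from_cert:
        return ("certificate", None), []  # always taken from the local certificate
    # Profile local-identity wins over global ike identity (assumed for pre-share too).
    ident = profiles.get(profile) or global_id
    if ident is None:
        return ("default", None), []  # device default, not covered in this section
    kind, value = ident
    if kind in ("fqdn", "user-fqdn") and value is None:
        value = sysname  # omitted name falls back to the sysname value
    warn = ["dn identity is not allowed with pre-shared key authentication"] if (
        kind == "dn" and auth == "pre-share") else []
    return (kind, value), warn
```

Calling effective_identity(SAMPLE, "branch", "pre-share") returns the dn identity together with a warning, which is the misconfiguration the usage guidelines rule out.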
Related commands
local-identity
ike signature-identity from-certificate
ike invalid-spi-recovery enable
Use ike invalid-spi-recovery enable to enable invalid security parameter index (SPI) recovery.
Use undo ike invalid-spi-recovery enable to restore the default.
Syntax
ike invalid-spi-recovery enable
undo ike invalid-spi-recovery enable
Default
SPI recovery is disabled.
Views
System view
Predefined user roles
network-admin