TMS zl Management and Configuration Guide ST.1.1.100226
A-56
Command-Line Reference
Global Configuration Context
You can set extended options for capturing an interface by typing additional
keywords after the network interface. You can specify several combinations
of the extended options shown in Table A-8, and you can enter the options in
almost any order.
Table A-16. Extended Options
Note: The subject name or one of the alternate names must match these settings:
■ The local ID in IKE policies that use this certificate
■ The remote ID in IKE policies on remote tunnel endpoints that verify this
certificate
The name must match in both type and value. For example, if you have typed
TMS.procurve.com for Subject Name in the certificate request, the local ID on
the module and the remote ID on the remote tunnel endpoint must use these
settings:
■ Type = Distinguished Name
■ Value = /CN=TMS.procurve.com
If you added a subject alternate name, you could specify those settings
instead—for example, IP Address for Type and 10.1.1.1 for Value.
For example:
ProCurve(tms-module-<slot ID>:config)# certificates generate private-key id key1 algorithm dsa size-512
ProCurve(tms-module-<slot ID>:config)# certificates generate request cert1 signature rsa-md5 private-key id id1 subject tms.com alternative-names ip-addr-1 1.2.3.4 domain-1 x.com domain-2 y.com email-id-1 user@hp.com
| Extended Command Option | Purpose |
|---|---|
| ip-addr-1 <IP address>, ip-addr-2 <IP address> | Specifies an IP address that the module uses to identify itself. Typically, the IP address is the module’s public IP address, but you can specify any valid IP address. You can specify up to two alternate name IP addresses. |
| domain-1 <domain name>, domain-2 <domain name> | Specifies an FQDN that the module uses to identify itself. You can specify up to two alternate name FQDNs. |
| email-id-1 <email address>, email-id-2 <email address> | Specifies an email address that the module uses to identify itself. The email address must be entered in a valid format, but it does not actually have to exist. It is simply an ID. You can specify up to two alternate name email addresses. |
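The following Python script is an added example, not part of the guide or of the module's software. It parses a certificates generate request command, checks the alternate-name options against the table above, and lists the (Type, Value) pairs that an IKE local or remote ID could use with that certificate. The type labels "Domain Name" and "Email Address" and the exact string comparison are assumptions; the guide names only the Distinguished Name and IP Address types.

```python
import ipaddress
import re

# Keywords per the options table; FQDN/email type names are assumed labels.
OPTION_TYPES = {"ip-addr": "IP Address", "domain": "Domain Name",
                "email-id": "Email Address"}
OPTION_RE = re.compile(r"^(ip-addr|domain|email-id)-([12])$")


def acceptable_ids(command):
    """Return the set of (type, value) IKE IDs a certificate request supports."""
    tokens = command.split()
    if "subject" not in tokens[:-1]:
        raise ValueError("request has no subject value")
    subject = tokens[tokens.index("subject") + 1]
    ids = {("Distinguished Name", "/CN=" + subject)}
    if "alternative-names" not in tokens:
        return ids
    rest = tokens[tokens.index("alternative-names") + 1:]
    if len(rest) % 2:
        raise ValueError("option without a value: " + rest[-1])
    seen = set()
    for keyword, value in zip(rest[0::2], rest[1::2]):
        match = OPTION_RE.match(keyword)
        if not match or keyword in seen:
            raise ValueError("unknown or repeated option: " + keyword)
        seen.add(keyword)
        kind = match.group(1)
        if kind == "ip-addr":
            value = str(ipaddress.ip_address(value))  # rejects malformed IPs
        elif kind == "email-id" and not re.fullmatch(r"[^@\s]+@[^@\s]+", value):
            raise ValueError("malformed email ID: " + value)
        ids.add((OPTION_TYPES[kind], value))
    return ids


def ike_id_matches(command, id_type, id_value):
    """True only if both type and value match (exact string comparison)."""
    return (id_type, id_value) in acceptable_ids(command)


# The request from the example above, written on one line.
REQUEST = ("certificates generate request cert1 signature rsa-md5 private-key "
           "id id1 subject tms.com alternative-names ip-addr-1 1.2.3.4 "
           "domain-1 x.com domain-2 y.com email-id-1 user@hp.com")

if __name__ == "__main__":
    for pair in sorted(acceptable_ids(REQUEST)):
        print("%-18s %s" % pair)
```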