vpnip

vpnip |v6

ipsec-custom-cert vpnc-mac-1-c [vpnc-mac-2-c ][ca-cert |factory-ca-cert] [fqdn ] [interface vlan ] [server-cert |factory-cert]| [suite-b gcm128 |gcm256]

ipsec-factory-cert vpnc-mac-1

peer-mac ipsec {[fqdn ] [interface vlan ]}

Description

This command configures the certificate or PSK used by a managed device to create a site-to-site IPsec VPN tunnel to a controller configured as a VPN concentrator. Use this command to configure a managed device to communicate with a VPN concentrator in a deployment where both Mobility Conductor and the VPN concentrator are located within the same DMZ.

When the managed device communicates with the VPN concentrator to set up an IPsec tunnel, any uplink VLAN tag defined via the uplink wired command will be sent with the vendor-id during IKE negotiation. This setting can uniquely bind the tunnel from a particular uplink on a managed device to a corresponding crypto map on the VPN concentrator.

Parameter

Description

Configure the IPv4 address of the VPN concentrator.

v6

Configure the IPv6 address of the VPN concentrator.

ipsec-custom-cert

Custom Cert-based IPsec secure communication between a VPN concentrator and a managed device.

vpnc-mac-1-c

Specify the first VPN concentrator's MAC address.

vpnc-mac-2-c

Specify the second VPN concentrator's MAC address.

ca-cert | factory-cert

The specified CA certificate will be used to validate the certificate presented by the VPN concentrator. Enter the name of a CA certificate, or choose factory-cert to use the factory-installed CA cert chain.

fqdn

The managed device's FQDN (max 64 bytes) used in IKE. This is optional for a dynamically addressed device.

interface vlan

Specify the VLAN ID of a VLAN interface that initiates the IKE tunnel. If no interface is specified, the managed device uses the switch IP.

server-cert | factory-cert

The managed device will use the specified server certificate for IPsec communication to a VPN concentrator.

suite-b gcm128|gcm256

Specify the GCM-128 or GCM-256 Suite B algorithm.

ipsec-factory-cert

Factory Cert-based IPsec secure communication between the VPN concentrator and the managed device.

vpnc-mac-1-c

Specify the VPN concentrator's MAC address.

peer-mac

Specify the peer MAC address for PSK-based authentication.

ipsec

Enable IPsec secure communication between the VPN concentrator and the managed device using the specified key.

fqdn

The managed device's FQDN (max 64 bytes) used in IKE. This is optional for a dynamically addressed device.

interface vlan

Specify the VLAN ID of a VLAN interface that initiates the IKE tunnel. If no interface is specified, the managed device uses the switch IP.

Example

The following example configures a factory certificate used by a managed device to create a site-to-site IPsec VPN tunnel to a controller configured as a VPN concentrator:

[host](mynode)(config) # vpnip 192.0.0.2 ipsec-factory-cert vpn-mac-1 01:00:5E:00:00:01

Related Commands

Command

Description

uplink

Manage and configure the uplink network connection on a managed device.

vpnip

Defines Internet Key Exchange (IKE) parameters used by a VPN concentrator to create secure tunnels between that VPN concentrator and a managed device.

Command History

Release

Modification

ArubaOS 8.7.0.0

The v6 parameter was added.

ArubaOS 8.2.0.0

The vpnc-mac-2-c sub-parameter was added.

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

Licensing

Command Mode

Available on all platforms

Base operating system.

Config mode on Mobility Conductor.