The source interface command configures the source interface used in TCP connection setup.
The undo source interface command restores the default source interface used in TCP connection setup.
By default, the device uses the outbound interface as the source interface for TCP connection setup.
| Parameter | Description | Value |
|---|---|---|
| interface-type interface-number | Specifies an interface's IP address as the source IP address
used in TCP connection setup.
|
- |
Usage Scenario
The source interface command specifies the source interface for establishing a connection between the device and the Simple Certificate Enrollment Protocol (SCEP) or Online Certificate Status Protocol (OCSP) server. This interface IP address is the source IP address of the TCP connection.
In the multi-output scenario, if the interfaces for sending and receiving a TCP packet are different, the IP address in the received TCP packet is different from the IP address of the receiving interface. Then the TCP packet is dropped, and the TCP connection is torn down. In this situation, you can run this command to specify the loopback interface address.
Precautions
Ensure that the interface is at Layer 3 and has an IP address configured.
The VPN instance bound to the interface specified by the source interface command in the CMP session view must be the same as the VPN instance configured in the vpn-instance. If they are inconsistent, either source interface or vpn-instance, which is configured later, cannot be executed successfully.
<sysname> system-view [sysname] interface GigabitEthernet 1/0/1 [sysname-GigabitEthernet1/0/1] ip address 10.136.2.25 24 [sysname-GigabitEthernet1/0/1] quit [sysname] pki realm abc [sysname-pki-realm-abc] source interface GigabitEthernet 1/0/1