vpn-instance

Function

The vpn-instance command adds a PKI to a specified VPN.

The undo vpn-instance command unbinds a PKI from a specified VPN.

By default, a PKI does not belong to any VPN.

Format

PKI realm view

vpn-instance vpn-instance-name

undo vpn-instance vpn-instance-name

CMP session view

vpn-instance { vpn-name vpn-instance-name | public }

undo vpn-instance

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| vpn-instance-name/vpn-name vpn-instance-name | Specifies the name of a VPN instance. | The value must be the name of an existing VPN instance. |
| public | Specifies that the VPN service of a virtual system is forwarded by the root system. This parameter is supported in a virtual system only. | - |

Views

PKI realm view or CMP session view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To obtain and verify certificates, the device needs to communicate with the CA or SCEP server. When the CA or SCEP server is in a VPN, add the PKI to the specified VPN.

Precautions

The VPN instance bound to the interface specified by the source interface command in the CMP session view must be the same as the VPN instance configured by the vpn-instance command. If they are inconsistent, whichever of the two commands (source interface or vpn-instance) is configured later cannot be executed successfully.

Example

# Add the PKI to the VPN named vrf1.

<sysname> system-view
[sysname] ip vpn-instance vrf1
[sysname-vpn-instance-vrf1] route-distinguisher 22:1
[sysname-vpn-instance-vrf1-af-ipv4] quit
[sysname-vpn-instance-vrf1] quit
[sysname] pki realm abc
[sysname-pki-realm-abc] vpn-instance vrf1
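
The consistency rule in Precautions can also be checked offline, before a configuration is pushed to the device. The following Python check is an added example, not Huawei code: the saved-configuration layout (interface blocks containing ip binding vpn-instance, and pki cmp session blocks) is an assumption, and the sample configuration is constructed.

```python
# Constructed sample config, not from a real device. The "interface",
# "ip binding vpn-instance" and "pki cmp session" lines are assumed syntax.
SAMPLE = """\
interface GigabitEthernet0/0/1
 ip binding vpn-instance vrf1
interface GigabitEthernet0/0/2
 ip binding vpn-instance vrf2
pki cmp session ok
 source interface GigabitEthernet0/0/1
 vpn-instance vpn-name vrf1
pki cmp session wrong-vpn
 source interface GigabitEthernet0/0/2
 vpn-instance vpn-name vrf1
pki cmp session missing-vpn
 source interface GigabitEthernet0/0/1
"""

def sections(text):
    """Yield (header, body_lines) for each unindented configuration block."""
    header, body = None, []
    for line in text.splitlines() + ["end"]:  # sentinel flushes the last block
        if not line.strip():
            continue
        if not line[0].isspace():
            if header:
                yield header, body
            header, body = line.strip(), []
        else:
            body.append(line.strip())

def value(body, key):
    """Return the argument of the first body line that starts with key."""
    return next((l[len(key):].replace(" ", "") for l in body
                 if l.startswith(key + " ")), None)

def find_vpn_mismatches(text):
    """Return (session, interface, interface_vpn, session_vpn) per conflict."""
    blocks = list(sections(text))
    bound = {h.split(None, 1)[1].replace(" ", ""): value(b, "ip binding vpn-instance")
             for h, b in blocks if h.startswith("interface ")}
    findings = []
    for h, b in blocks:
        src = value(b, "source interface")
        if (not h.startswith("pki cmp session ") or src not in bound
                or "vpn-instance public" in b):  # 'public' form is not evaluated
            continue
        configured = value(b, "vpn-instance vpn-name")
        if bound[src] != configured:
            findings.append((h.split()[3], src, bound[src], configured))
    return findings
```

Calling find_vpn_mismatches(SAMPLE) reports the sessions wrong-vpn and missing-vpn; a session whose source interface is not defined in the supplied text is skipped rather than reported.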

Copyright © Huawei Technologies Co., Ltd.