Certificate Policy Configuration Mode Commands

Configure the context level name to be used for the IKEv2 Security Association Certificate Policy for the current context.

Mode

Exec > Global Configuration > Context Configuration > Certificate Policy Configuration

configure > context context_name Certificate Policy Configuration service_name

Entering the above command sequence results in the following prompt:

[context_name]host_name(config-cert-policy)#

do show

Executes all show commands while in Configuration mode.

Product

All

Privilege

Security Administrator, Administrator

Syntax

do show

Usage Guidelines

Use this command to run all Exec mode show commands while in Configuration mode. It is not necessary to exit the Config mode to run a show command.

The pipe character | is only available if the command is valid in the Exec mode.

Caution

There are some Exec mode show commands which are too resource intensive to run from Config mode. These include: do show support collection , do show support details , do show support record and do show support summary . If there is a restriction on a specific show command, the following error message is displayed:

Failure: Cannot execute 'do	show support' command from Config mode.

end

Exits the current configuration mode and returns to the Exec mode.

Product

All

Privilege

Security Administrator, Administrator

Syntax

end

Usage Guidelines

Use this command to return to the Exec mode.

exit

Exits the current mode and returns to the parent configuration mode.

Product

All

Privilege

Security Administrator, Administrator

Syntax

exit

Usage Guidelines

Use this command to return to the parent configuration mode.

id

Configures ID for cert-entry.

Product

SecGW

Privilege

Security Administrator, Administrator

Mode

Exec > Global Configuration > Context

configure > context context_nameikev2-ikesa ikev2_sec_para

Entering the above command sequence results in the following prompt:

[local]host_name(config-cert-policy)#

Syntax

 epdg-s2b-gtpv2 send value match-criteria  { common-name valuevalue | domain-name value value }

id `value`

value: is an integer between 1 and 64.

match-criteria

Configures the match criteria to be configured and used for peer using cert as authorization for given Crypto Template.

common-name value`value`

Configures the entry with match criteria as common-name to be matched with CN in received Certificate.

value: is a string of size 1 through 64.

domain-name value`value`

Configure the entry with match criteria as domain name to be matched with domain in received Certificate.

value: is a string of size 1 through 64.

Usage Guidelines

Use this command to Enable/Disable the inclusion of the "UE Local IP Address" and "UE UDP Port" AVPs in the GTPv2 Create Session Request message from ePDG to PGW.

Example

Use the following command to configure ID for certificate entry as 4 with match criteria as domain name dom1.

  id 4 match-criteria domain-name dom1

Command Line Interface Reference, Modes C - D, StarOS Release 21.20

Bias-Free Language

Book Title

Command Line Interface Reference, Modes C - D, StarOS Release 21.20

Chapter Title