vpn-instance

Function

The vpn-instance command adds a PKI realm to a specified VPN.

The undo vpn-instance command unbinds a PKI realm from a specified VPN.

By default, a PKI realm is not added to any VPN.

Format

PKI realm view

vpn-instance { vpn-instance-name | public }

undo vpn-instance

CMP session view

vpn-instance { vpn-name vpn-instance-name | public }

undo vpn-instance

Parameters

Parameter	Description	Value
vpn-instance-name/vpn-name vpn-instance-name	Specifies the name of a VPN instance. This parameter is supported in the root system only.	The value must be the name of an existing VPN instance.
public	Indicates that the VPN service of a virtual system is forwarded by the root system. This parameter is supported in a virtual system only.	-

Parameter

Description

Value

vpn-instance-name/vpn-name vpn-instance-name

Specifies the name of a VPN instance.

This parameter is supported in the root system only.

The value must be the name of an existing VPN instance.

public

Indicates that the VPN service of a virtual system is forwarded by the root system.

This parameter is supported in a virtual system only.

Views

PKI realm view or CMP session view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To obtain and verify certificates, the device needs to communicate with the CA or SCEP server. When the CA or SECP server is in a VPN, add the PKI realm to the specified VPN.

Precautions

The VPN instance bound to the interface specified by the source command in the CMP session view must be the same as the VPN instance configured in the vpn-instance. If they are inconsistent, either source or vpn-instance, which is configured later, cannot be executed successfully.

Example

# Add a PKI realm to the VPN named vrf1.

<sysname> system-view
[sysname] ip vpn-instance vrf1
[sysname-vpn-instance-vrf1] route-distinguisher 22:1
[sysname-vpn-instance-vrf1-af-ipv4] quit
[sysname-vpn-instance-vrf1] quit
[sysname] pki realm abc
[sysname-pki-realm-abc] vpn-instance vrf1