pki ocsp

Configures OCSP (Online Certificate Status Protocol) on a VRF with a source interface.

Syntax

pki ocsp [source-interface { ethernet eth-id | loopback loopback-id | management mgmt-addr | ve ve-id } ]
no pki ocsp [source-interface { ethernet eth-id | loopback loopback-id | management mgmt-addr | ve ve-id } ]

Command Default

By default, OCSP is not configured.

Parameters

source-interface
Indicates the type of interface to use as the source interface or address.
ethernet eth-id
Specifies the Ethernet interface to use as the source interface, in slot/port format (0/1).
loopback loopback-id
Specifies the Loopback interface to use as the source interface.
management mgmt-addr
Specifies the management address (active MM or chassis IP) to use as the source address.
ve ve-id
Specifies the VE interface to use as the source interface.

Modes

Global configuration mode

Usage Guidelines

Customers on different networks connect their OCSP responder to the SLX device through either the management IP or the in-band IP (Ethernet port). Customers prefer that all network packets originating from a specific device be traceable to a known IP address on that device. Use this command to configure the source interface for packets that the device sends to a server listening for them.

Use the no form of the command to delete the OCSP configuration.

When a source interface is not specified, the default source is the IP address of the interface from which the packet egresses.

If, at run time, the source interface is not up or no IP address is configured on it, the command behaves as though no source interface was configured.
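
The fallback described above changes the address the OCSP responder sees, so the responder's request records are one place to notice it. The following is an added example, not part of the vendor documentation: it checks responder-side records against the address each device is expected to use. The log format, device names, and addresses are constructed for illustration.

```python
import ipaddress

# Assumption: inventory mapping each device to the address of its configured
# OCSP source interface, plus its other interface addresses (constructed data).
INVENTORY = {
    "slx-edge-1": {"expected": "10.1.1.1", "others": ["192.0.2.11", "198.51.100.11"]},
    "slx-edge-2": {"expected": "10.1.1.2", "others": ["192.0.2.12"]},
}

# Constructed responder log lines: "<timestamp> <client-ip> <result>"
SAMPLE_LOG = """\
2024-05-01T10:00:00Z 10.1.1.1 good
2024-05-01T10:00:05Z 192.0.2.12 good
2024-05-01T10:00:09Z 203.0.113.50 good
not a log line
"""

def build_index(inventory):
    """Map every known address to (device, is_expected_source)."""
    index = {}
    for device, addrs in inventory.items():
        index[ipaddress.ip_address(addrs["expected"])] = (device, True)
        for other in addrs["others"]:
            index[ipaddress.ip_address(other)] = (device, False)
    return index

def classify(log_text, inventory):
    """Return (client_ip, verdict, device) for each parseable log line."""
    index = build_index(inventory)
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the constructed format
        try:
            client = ipaddress.ip_address(parts[1])
        except ValueError:
            continue
        device, expected = index.get(client, (None, False))
        # "fallback-source": a known device used an address other than its
        # configured source, e.g. the egress interface after a silent fallback.
        verdict = ("unknown-source" if device is None
                   else "ok" if expected else "fallback-source")
        findings.append((str(client), verdict, device))
    return findings

if __name__ == "__main__":
    for ip, verdict, device in classify(SAMPLE_LOG, INVENTORY):
        print(f"{ip:15} {verdict:16} {device or '-'}")
```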

Examples

This example configures an Ethernet interface as the source interface.

device# configure terminal
device(config)# pki ocsp 10.1.1.100
device(config-pki-ocsp-10.1.1.100/mgmt-vrf)# source-interface ethernet 0/1