R3303-HP HSR6800 Routers Security Command Reference

Default
The GDOI KS listens on UDP port 19000 for redundancy protocol packets.
Views
System view
Default command level
2: System level
Parameters
port-number: Specifies a UDP port number in the range of 1 to 65535.
Usage guidelines
A GDOI KS uses the UDP port number configured in this command to send and receive redundancy
protocol packets to and from other KSs. All KSs in the same GDOI KS group must use the same UDP port
number. Otherwise, redundancy protocol packets cannot be exchanged between the KSs.
Examples
# Set the UDP port number for listening to redundancy protocol packets to 20000.
<Sysname> system-view
[Sysname] gdoi ks redundancy port 20000
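The following Python check is an added example, not part of the HP reference. It audits the exported configurations of the KSs in one GDOI KS group and reports any redundancy port mismatch, including the case where one KS omits the command and falls back to the default. It assumes the command is stored in the saved configuration in the same form as it is typed; the device names and sample configurations are constructed.

```python
import re
from collections import defaultdict

DEFAULT_PORT = 19000  # default stated in this command reference
# Assumption: the saved configuration holds the command as typed at the CLI.
PORT_RE = re.compile(r"^\s*gdoi ks redundancy port (\d+)\s*$", re.MULTILINE)


def redundancy_port(config_text):
    """Return the effective redundancy port for one KS configuration."""
    matches = PORT_RE.findall(config_text)
    if not matches:
        return DEFAULT_PORT  # command absent: the KS listens on the default
    port = int(matches[-1])  # assumption: the last occurrence takes effect
    if not 1 <= port <= 65535:
        raise ValueError(f"port {port} is outside the documented range 1-65535")
    return port


def audit_group(configs):
    """Map each effective port to the sorted names of the KSs using it."""
    by_port = defaultdict(list)
    for name, text in configs.items():
        by_port[redundancy_port(text)].append(name)
    return {port: sorted(names) for port, names in by_port.items()}


def mismatched(configs):
    """True when the KSs of the group do not all use the same port."""
    return len(audit_group(configs)) > 1


# Constructed sample: three KSs assumed to belong to the same GDOI KS group.
SAMPLE = {
    "ks-a": "#\n gdoi ks redundancy port 20000\n#\n",
    "ks-b": "#\n gdoi ks redundancy port 20000\n#\n",
    "ks-c": "#\n sysname ks-c\n#\n",  # no port command, so default 19000
}

if __name__ == "__main__":
    for port, names in sorted(audit_group(SAMPLE).items()):
        print(f"UDP {port}: {', '.join(names)}")
    print("MISMATCH" if mismatched(SAMPLE) else "consistent")
```
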
Related commands
gdoi ks group
gdoi ks rekey
Use gdoi ks rekey to trigger an immediate rekey.
Syntax
gdoi ks rekey [ group group-name ]
Views
User view
Default command level
2: System level
Parameters
group group-name: Specifies a GDOI KS group by its name, a case-sensitive string of 1 to 63 characters.
If you do not specify this option, the command clears KS information for all GDOI KS groups on the local
KS.
Usage guidelines
A rekey is the process in which a KS updates the TEK or KEK and then sends the updated key to
GMs.
Typically, a GDOI KS performs rekeys periodically. The KEK rekey interval is configured with the rekey
lifetime command. The TEK rekey interval is determined by the IPsec SA lifetime. To trigger KSs to perform
rekeys immediately, execute this command.
You can use the display gdoi ks rekey command and the display gdoi ks policy command to view rekey
statistics and key information.