R3303-HP HSR6800 Routers Security Command Reference
513
Deleting an IPsec policy from a GDOI KS group also deletes the TEK that corresponds to that IPsec policy.
Examples
# Create IPsec policy 10 for the GDOI KS group abc and enter its view.
<Sysname> system-view
[Sysname] gdoi ks group abc
[Sysname-gdoi-ks-group-abc] ipsec 10
[Sysname-gdoi-ks-group-abc-ipsec-10]
Related commands
gdoi ks group
local priority
Use local priority to configure the GDOI KS local priority.
Use undo local priority to restore the default.
Syntax
local priority priority
undo local
Default
The local priority of the GDOI KS is 1.
Views
GDOI KS group view
Default command level
2: System level
Parameters
priority: Specifies the local priority of the GDOI KS, in the range of 1 to 65535. A higher number
represents a higher priority.
Usage guidelines
The GDOI KS local priority takes effect only when KS redundancy is enabled with the redundancy enable
command.
The local priority specifies the priority of the local KS for primary KS election. A KS with a higher local
priority is more likely to be elected as the primary KS. If multiple KSs have the same priority, the KS with
the highest IP address is elected as the primary KS. When a KS is added to a GDOI KS group that
already has a primary KS, the KS can only be the secondary KS even through its priority is higher than
the primary KS priority.
Examples
# Enable GDOI KS group redundancy, and set the GDOI KS local priority to 10.
<Sysname> system-view
[Sysname] gdoi ks group abc
[Sysname-gdoi-ks-group-abc] redundancy enable
[Sysname-gdoi-ks-group-abc] local priority 10
[Sysname-gdoi-ks-group-abc]