R3303-HP HSR6800 Routers Security Command Reference

On an unreliable network, you can increase the retransmission interval or the maximum number of
retransmissions to avoid a KS split. If a KS loses contact with the primary KS, it splits from the KS group
and elects itself as the primary KS. The KS group might then have multiple primary KSs.
Examples
# Set the retransmission interval for redundancy protocol packets to 30 seconds, and the maximum
number of retransmissions to 3.
<Sysname> system-view
[Sysname] gdoi ks group abc
[Sysname-gdoi-ks-group-abc] redundancy retransmit interval 30 number 3
Related commands
display gdoi ks
rekey acl
Use rekey acl to specify the rekey ACL, which specifies the source and destination addresses for multicast
rekey messages.
Use undo rekey acl to remove the rekey ACL.
Syntax
rekey acl { access-list-number | name access-list-name }
undo rekey acl
Default
No source or destination address is specified for multicast rekey messages.
Views
GDOI KS group view
Default command level
2: System level
Parameters
access-list-number: Specifies an ACL by its number in the range of 3000 to 3999.
name access-list-name: Specifies an ACL by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
If the multicast rekey method is used, you must specify the rekey ACL. Otherwise, the KS cannot generate
the KEK or send rekey messages.
If the source address command is configured, the source address of the multicast rekey message is that
configured by the source address command.
If the source address command is not configured, you must specify a source address in the first rule of the
rekey ACL, and the multicast rekey messages use the specified source address.
The KS ignores the permit or deny keyword in rules of the rekey ACL.
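Added example (not part of the HP reference): a small offline check that applies the usage guidelines above to a saved configuration. The Comware-style acl number, rule, and source address line formats, the sample addresses, and the assumption that every group uses multicast rekey with a numbered ACL are assumptions made for this illustration.

```python
import re

# Constructed sample (assumed Comware-style syntax); multicast rekey, numbered ACLs.
SAMPLE = """\
acl number 3000
 rule 0 permit ip source 10.1.1.1 0 destination 239.192.1.1 0
acl number 3001
 rule 0 deny ip destination 239.192.1.2 0
gdoi ks group abc
 rekey acl 3000
gdoi ks group def
 rekey acl 3001
gdoi ks group ghi
 source address 10.1.1.3
 rekey acl 3001
gdoi ks group jkl
"""

def parse(config):
    """Map each unindented section header to its indented child lines."""
    sections, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            current.append(line.strip())
        elif line.strip() and line.strip() != "#":
            current = sections.setdefault(line.strip(), [])
    return sections

def audit_rekey_acl(config):
    """Return {group: [findings]} for the rekey ACL usage guidelines."""
    sections, report = parse(config), {}
    for header, body in sections.items():
        group = re.fullmatch(r"gdoi ks group (\S+)", header)
        if not group:
            continue
        findings = report.setdefault(group.group(1), [])
        acl = next((l.split()[2] for l in body if re.fullmatch(r"rekey acl \d+", l)), None)
        if acl is None:
            findings.append("no rekey ACL: KS cannot generate the KEK or send rekey messages")
            continue
        rules = [l for l in sections.get(f"acl number {acl}", []) if l.startswith("rule ")]
        has_source_cmd = any(l.startswith("source address ") for l in body)
        # Without the source address command, the first rule must carry the source.
        if not has_source_cmd and not (rules and re.search(r"\bsource \d", rules[0])):
            findings.append(f"first rule of ACL {acl} has no source address")
        if any(re.match(r"rule \d+ deny\b", r) for r in rules):
            findings.append(f"ACL {acl} uses deny, which the KS ignores")
    return report

print(audit_rekey_acl(SAMPLE))
```

In the sample, group def fails twice (no source in the first rule, and a deny rule that will not filter anything), ghi is covered by its source address command, and jkl has no rekey ACL at all.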
Examples
# Specify ACL 3000 as the rekey ACL for the GDOI KS group abc.
<Sysname> system-view