Manualshelf

R3303-HP HSR6800 Routers Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution
531532533534535536537538539540
520
Syntax
rekey encryption { 3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | des-cbc }
undo rekey encryption
Default
The encryption algorithm is 3des-cbc.
Views
GDOI KS group view
Default command level
2: System level
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure the rekey encryption algorithm as AES-CBC-192 for the GDOI KS group abc.
<Sysname> system-view
[Sysname] gdoi ks group abc
[Sysname-gdoi-ks-group-abc] rekey encryption aes-cbc-192
Related commands
gdoi ks group
rekey lifetime
Use rekey lifetime to configure the KEK lifetime.
Use undo rekey lifetime to restore the default.
Syntax
rekey lifetime seconds number-of-seconds
undo rekey lifetime seconds
Default
The KEK lifetime is 86400 seconds.
Views
GDOI KS group view
Default command level
2: System level
Parameters
seconds number-of-seconds: Specifies a time-based lifetime for KEKs, in the range of 300 to 86400
seconds.
Usage guidelines
The TEK lifetime is the IPsec SA lifetime, which is determined by the IPsec SA lifetime configured in the
IPsec profile.