Manualshelf

R3303-HP HSR6800 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution
461462463464465466467468469470
72
To configure GDOI KS redundancy:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Configure the UDP port
number for listening to
redundancy protocol
packets.
gdoi ks redundancy port port-number
By default, the KS listens to UDP
port 19000 for redundancy
protocol packets.
3. Enter GDOI KS group view.
gdoi ks group group-name
N/A
4. Specify a peer KS.
peer address ip-address
By default, no peer KS is
specified.
5. (Optional.) Configure a
local priority.
local priority priority
By default, the local priority is 1.
6. Enable GDOI KS
redundancy.
redundancy enable
By default, GDOI KS
redundancy is disabled.
7. (Optional.) Configure the
redundancy hello packet
sending interval and the
maximum number of
consecutive failures
allowed in receiving
redundancy hello packets.
redundancy hello { interval interval |
number number } *
By default, the redundancy hello
packet sending interval for the
primary KS is 20 seconds. A
secondary KS initiates primary
KS re-election when it failed to
receive redundancy hello
packets from the primary KS for
3 times consecutively.
8. (Optional.) Configure the
redundancy protocol
packet retransmission
interval and the maximum
number of retransmissions.
redundancy retransmit { interval interval
| number number } *
By default, the retransmission
interval is 10 seconds, and the
maximum number of
retransmissions is 2.
Specifying the source address for packets sent by the KS
Perform this task to specify the source address for GROUPKEY-PUSH protocol packets and redundancy
protocol packets sent by the KS.
To specify the source address for packets sent by the KS:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter GDOI KS group view.
gdoi ks group group-name
N/A
3. Specify the source address
for packets sent by the KS.
source address ip-address
By default, the KS uses the
source address specified in the
first rule of the rekey ACL as the
source address of sent packets.
For information about the rekey
ACL, see "Configuring basic
settings for a GDOI KS group."