R2511-HP MSR Router Series Security Command Reference(V5)

[Sysname-gdoi-ks-group-abc] redundancy retransmit interval 30 number 3
Related commands
display gdoi ks
rekey acl
Use rekey acl to specify the rekey ACL, which specifies the source and destination addresses for multicast
rekey messages.
Use undo rekey acl to remove the rekey ACL.
Syntax
rekey acl { access-list-number | name access-list-name }
undo rekey acl
Default
No source or destination address is specified for multicast rekey messages.
Views
GDOI KS group view
Default command level
2: System level
Parameters
access-list-number: Specifies an ACL by its number in the range of 3000 to 3999.
name access-list-name: Specifies an ACL by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
If the multicast rekey method is used, you must specify the rekey ACL. Otherwise, the KS cannot generate the
KEK or send rekey messages.
If the source address command is configured, the source address of the multicast rekey message is that
configured by the source address command.
If the source address command is not configured, you must specify a source address in the first rule of the
rekey ACL. The multicast rekey messages use the specified source address.
The KS ignores the permit or deny keyword in rules of the rekey ACL.
Examples
# Specify ACL 3000 as the rekey ACL for the GDOI KS group abc.
<Sysname> system-view
[Sysname] gdoi ks group abc
[Sysname-gdoi-ks-group-abc] rekey acl 3000
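The source-address rules in the usage guidelines can be checked offline against a saved configuration. The following Python sketch is an added example, not part of the HP reference. It assumes the multicast rekey method is in use, a saved-configuration layout with unindented `acl number N` and `gdoi ks group NAME` headers, numbered ACLs only, and that the first rule listed is the first rule of the ACL; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample in an assumed Comware-style saved-configuration layout.
SAMPLE = """\
#
acl number 3000
 rule 0 deny ip source 10.1.1.1 0 destination 239.192.1.190 0
 rule 5 permit ip source 10.9.9.9 0 destination 239.192.1.190 0
#
acl number 3001
 rule 0 permit ip destination 239.192.1.191 0
#
gdoi ks group abc
 rekey acl 3000
#
gdoi ks group def
 rekey acl 3001
 source address 10.2.2.2
#
gdoi ks group ghi
 rekey acl 3001
"""

def sections(config):
    """Map each unindented header line to the indented lines under it."""
    out, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current:
            out[current].append(line.strip())
        elif line.strip() not in ("", "#"):
            current = line.strip()
            out[current] = []
    return out

def rekey_source(config, group):
    """Return (source, origin, findings) for a KS group's multicast rekey messages."""
    sec = sections(config)
    body = sec.get(f"gdoi ks group {group}", [])
    acl = next((l.split()[-1] for l in body if l.startswith("rekey acl ")), None)
    if acl is None:
        return None, None, ["no rekey ACL: KS cannot generate the KEK or send rekey messages"]
    rules = [l for l in sec.get(f"acl number {acl}", []) if l.startswith("rule ")]
    findings = ["deny keyword is ignored by the KS"] if any(" deny " in r for r in rules) else []
    cmd = next((l.split()[-1] for l in body if l.startswith("source address ")), None)
    if cmd:  # the source address command takes precedence over the ACL
        return cmd, "source address command", findings
    m = re.search(r" source (\d+(?:\.\d+){3})", rules[0]) if rules else None
    if m:    # otherwise only the first rule of the rekey ACL supplies the source
        return m.group(1), "first rule of rekey ACL", findings
    return None, None, findings + ["no source address command and no source in first rule"]
```

Group abc resolves its source from rule 0 even though that rule is a deny rule, def uses the source address command, and ghi is flagged because neither supplies a source.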
Related commands
gdoi ks group
source address
rekey authentication
Use rekey authentication to specify the key pair to be used by the KS during a rekey.