R2511-HP MSR Router Series Security Command Reference(V5)
569
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure the rekey encryption algorithm as AES-CBC-192 for the GDOI KS group abc.
<Sysname> system-view
[Sysname] gdoi ks group abc
[Sysname-gdoi-ks-group-abc] rekey encryption aes-cbc-192
Related commands
gdoi ks group
rekey lifetime
Use rekey lifetime to configure the KEK lifetime.
Use undo rekey lifetime to restore the default.
Syntax
rekey lifetime seconds number-of-seconds
undo rekey lifetime seconds
Default
The KEK lifetime is 86400 seconds.
Views
GDOI KS group view
Default command level
2: System level
Parameters
seconds number-of-seconds: Specifies a time-based lifetime for KEKs, in the range of 300 to 86400
seconds.
Usage guidelines
The TEK lifetime is the IPsec SA lifetime, which is determined by the IPsec SA lifetime configured in the
IPsec profile.
Examples
# Configure the KEK lifetime as 3600 seconds for the GDOI KS group abc.
<Sysname> system-view
[Sysname]gdoi ks group abc
[Sysname-gdoi-ks-group-abc] rekey lifetime seconds 3600
Related commands
gdoi ks group
rekey retransmit
Use rekey retransmit to specify the interval between rekey retransmissions and the maximum number of
retransmissions.