R2511-HP MSR Router Series Security Configuration Guide(V5)
• The IP address of a peer KS specified on the local KS must be the same as the source address that
the peer KS uses to send redundancy protocol packets.
To configure GDOI KS redundancy:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Configure the UDP port number for listening to redundancy protocol packets.
  Command: gdoi ks redundancy port port-number
  Remarks: By default, the KS listens to UDP port 19000 for redundancy protocol packets.

Step 3. Enter GDOI KS group view.
  Command: gdoi ks group group-name
  Remarks: N/A

Step 4. Specify a peer KS.
  Command: peer address ip-address
  Remarks: By default, no peer KS is specified.

Step 5. Configure a local priority.
  Command: local priority priority
  Remarks: Optional. By default, the local priority is 1.

Step 6. Enable GDOI KS redundancy.
  Command: redundancy enable
  Remarks: By default, GDOI KS redundancy is disabled.

Step 7. Configure the redundancy hello packet sending interval and the maximum number of consecutive failures allowed in receiving redundancy hello packets.
  Command: redundancy hello { interval interval | number number } *
  Remarks: Optional. The default settings are as follows:
    • As the primary KS, the device sends redundancy hello packets regularly at an interval of 20 seconds.
    • As a secondary KS, the device initiates primary KS re-election when it fails to receive redundancy hello packets from the primary KS 3 times consecutively.

Step 8. Configure the redundancy protocol packet retransmission interval and the maximum number of retransmissions.
  Command: redundancy retransmit { interval interval | number number } *
  Remarks: Optional. By default, the retransmission interval is 10 seconds, and the maximum number of retransmissions is 2.
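A configuration audit for the procedure above, as an added example that is not part of the HP guide: it parses the redundancy commands from two KS configurations, fills in the defaults listed in the table, and flags a KS whose peer address entries do not match the source address the other KS sends from. The sample configurations, KS names and addresses are constructed, and each KS's source address is passed in as an assumption rather than read from the configuration.

```python
import re
# Defaults from the Remarks column of the table above.
DEFAULTS = {"port": 19000, "priority": 1, "enabled": False,
            "hello_interval": 20, "hello_number": 3,
            "retransmit_interval": 10, "retransmit_number": 2}

def parse_ks(config):
    """Read one KS's redundancy settings (assumes a single GDOI KS group)."""
    ks = dict(DEFAULTS, peers=set())
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"gdoi ks redundancy port (\d+)", line):
            ks["port"] = int(m[1])
        elif m := re.fullmatch(r"peer address (\S+)", line):
            ks["peers"].add(m[1])
        elif m := re.fullmatch(r"local priority (\d+)", line):
            ks["priority"] = int(m[1])
        elif line == "redundancy enable":
            ks["enabled"] = True
        elif m := re.fullmatch(r"redundancy (hello|retransmit) (.+)", line):
            for key, val in re.findall(r"(interval|number) (\d+)", m[2]):
                ks[f"{m[1]}_{key}"] = int(val)
    return ks

def audit(configs, source_addr):
    """source_addr: KS name -> its source address (assumed known, not parsed)."""
    parsed = {name: parse_ks(text) for name, text in configs.items()}
    findings = []
    for name, ks in parsed.items():
        if not ks["enabled"]:
            findings.append(f"{name}: redundancy is disabled")
        for other in parsed:
            if other != name and (addr := source_addr[other]) not in ks["peers"]:
                findings.append(f"{name}: no peer entry for {other} ({addr})")
    return parsed, findings

def detection_window(primary, secondary):
    """Approximate seconds without hellos before the secondary re-elects."""
    return primary["hello_interval"] * secondary["hello_number"]
# Constructed sample configurations using documentation addresses.
KS1 = """gdoi ks group ks-group1
 peer address 192.0.2.2
 local priority 100
 redundancy enable
 redundancy hello interval 10 number 3"""
KS2 = """gdoi ks group ks-group1
 peer address 192.0.2.11
 redundancy enable"""
SOURCES = {"ks1": "192.0.2.1", "ks2": "192.0.2.2"}
PARSED, FINDINGS = audit({"ks1": KS1, "ks2": KS2}, SOURCES)
```

In the sample, ks2 lists 192.0.2.11 as its peer while ks1 sends from 192.0.2.1, so the audit reports one finding for ks2.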
Specifying the source address for packets sent by the KS
Perform this task to specify the source address for GROUPKEY-PUSH protocol packets and redundancy
protocol packets sent by the KS.
To specify the source address for packets sent by the KS:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter GDOI KS group view.
  Command: gdoi ks group group-name
  Remarks: N/A