EasyManuals Logo
Home>HPE>Network Router>FlexNetwork MSR Series

HPE FlexNetwork MSR Series Comware 5 Security Configuration Guide

HPE FlexNetwork MSR Series
547 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #474 background imageLoading...
Page #474 background image
461
To configure rekey parameters:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter GDOI KS group view.
gdoi ks group
group-name
N/A
3. Specify the encryption
algorithm used by the KEK.
rekey encryption
{
3des-cbc
|
aes-cbc-128
|
aes-cbc-192
|
aes-cbc-256
|
des-cbc
}
Optional.
By default, the KEK uses the
3DES-CBC encryption
algorithm.
4. Specify the lifetime of the
KEK.
rekey lifetime seconds
number-of-seconds
Optional.
By default, the KEK lifetime is
86400 seconds.
5. Enable unicasting rekey
messages.
rekey transport unicast
Optional.
By default, the KS multicasts
rekey messages.
6. Specify the interval between
rekey retransmissions and
the maximum number of
retransmissions.
rekey retransmit
{
interval
interval
|
number
number } *
Optional.
By default, the retransmission
interval is 10 seconds, and the
maximum number of
retransmissions is 2.
Displaying and maintaining GDOI KS
Execute display commands in any view and reset commands in user view.
Task Command
Display GDOI KS group information.
display gdoi ks
[
group
group-name ]
Display GDOI KS group ACL information.
display gdoi ks acl
[
group
group-name ]
Display GDOI KS redundancy information.
display gdoi ks redundancy
[
group
group-name ]
Display information about online GDOI KS
group members.
display gdoi ks members
[
group
group-name
] [
ip
ip-address ]
Display GDOI KS group rekey information.
display
gdoi
ks rekey
[
group
group-name ]
Display GDOI KS group policy information.
display gdoi ks policy
[
group
group-name ]
Clear GDOI KS group information.
reset gdoi ks
[
group
group-name ]
Reset GDOI KS redundancy roles.
reset gdoi ks redundancy role
[
group
group-name
]
Clear GDOI KS group member information.
reset gdoi ks members
[
group
group-name ]
Enforce rekey.
gdoi ks rekey
[
group
group-name ]
Configuring the GDOI GM
The GDOI GM needs IKE settings that include an IKE proposal and an IKE peer used for phase-1
IKE negotiation. The IKE peer is identified by the IP address of the KS. For information about IKE
configuration, see "Configuring IKE."

Table of Contents

Other manuals for HPE FlexNetwork MSR Series

Preview: Configuration Guide
Configuration Guide861 pages
Preview: Comware 7 Layer 3 - Ip Services Configuration Guides
Comware 7 Layer 3 - Ip Services Configuration Guides554 pages
Preview: Guide
Guide213 pages
Preview: Command Reference
Command Reference120 pages
Preview: Comware 5 Layer 2 - Wan Access Configuration Guide
Comware 5 Layer 2 - Wan Access Configuration Guide420 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork MSR Series and is the answer not in the manual?

HPE FlexNetwork MSR Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork MSR Series
CategoryNetwork Router
LanguageEnglish

Related product manuals