Rekey Authentication - HPE FlexNetwork HSR6800 Security Command Reference

Parameters
access-list-number: Specifies an ACL by its number in the range of 3000 to 3999.
name access-list-name: Specifies an ACL by its name, a case-insensitive string of 1 to 63
characters.
Usage guidelines
If the multicast rekey method is used, you must specify the rekey ACL. Otherwise, the KS cannot
generate the KEK or send rekey messages.
If the source address command is configured, multicast rekey messages use the source address
configured by that command.
If the source address command is not configured, you must specify a source address in the first rule
of the rekey ACL, and the multicast rekey messages use the specified source address.
The KS ignores the permit or deny keyword in rules of the rekey ACL.
Examples
# Specify ACL 3000 as the rekey ACL for the GDOI KS group abc.
<Sysname> system-view
[Sysname] gdoi ks group abc
[Sysname-gdoi-ks-group-abc] rekey acl 3000
Related commands
gdoi ks group
source address

rekey authentication

Use rekey authentication to specify the key pair to be used by the KS during a rekey.
Use undo rekey authentication to remove the specified key pair.
Syntax
rekey authentication public-key rsa key-name
undo rekey authentication
Default
No key pair is specified for a rekey.
Views
GDOI KS group view
Default command level
2: System level
Parameters
public-key: Specifies the local key pair.
rsa: Specifies the public key algorithm as RSA.
key-name: Specifies the key pair name, a case-insensitive string of 1 to 64 characters.
Usage guidelines
The KS sends the public key of the key pair to GMs in rekey messages. The GMs use the public key
to authenticate the rekey messages from the KS.
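An added example, not taken from the HPE manual: a Python audit that checks saved gdoi ks group stanzas against the rekey acl and rekey authentication rules described above. The stanza layout, the sample configuration and the argument shown for source address are constructed assumptions.

```python
import re
# Constructed sample; the saved-config layout is an assumption, not from the manual.
SAMPLE_CONFIG = """\
gdoi ks group abc
 rekey acl 3000
 rekey authentication public-key rsa rsa1
 source address 10.1.1.1
#
gdoi ks group branch
 rekey acl 2000
#
gdoi ks group lab
 rekey authentication public-key rsa mykey
#
"""

def audit_gdoi_ks(config_text):
    """Return {group: [findings]} for every 'gdoi ks group' stanza."""
    groups, current = {}, None
    for raw in config_text.splitlines():
        m = re.match(r"gdoi ks group (\S+)\s*$", raw, re.I)
        if m:
            current = groups.setdefault(m.group(1), [])
        elif current is not None and raw.startswith(" "):
            current.append(raw.strip().lower())   # sub-command of the group view
        else:
            current = None                        # left the group view
    report = {}
    for name, lines in groups.items():
        findings = []
        acl = [l.split()[2:] for l in lines if l.startswith("rekey acl ")]
        auth = [l.split() for l in lines if l.startswith("rekey authentication")]
        if not acl:
            findings.append("no rekey ACL: required when multicast rekey is used")
        elif acl[-1][0] == "name":
            if len(acl[-1]) != 2 or not 1 <= len(acl[-1][1]) <= 63:
                findings.append("rekey ACL name must be 1 to 63 characters")
        elif not (acl[-1][0].isdecimal() and 3000 <= int(acl[-1][0]) <= 3999):
            findings.append("rekey ACL number outside 3000 to 3999")
        if not auth:
            findings.append("no rekey authentication key pair (the default)")
        elif (len(auth[-1]) != 5 or auth[-1][2:4] != ["public-key", "rsa"]
              or not 1 <= len(auth[-1][4]) <= 64):
            findings.append("malformed rekey authentication command")
        if not any(l.startswith("source address") for l in lines):
            findings.append("no source address: first rekey ACL rule must set it")
        report[name] = findings
    return report
```

Calling audit_gdoi_ks(SAMPLE_CONFIG) returns an empty finding list for group abc and lists the gaps for the other two groups.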