Cisco CCNA (640-553) Security Exam Training - Using The "Clear Crypto Gdoi" Command

In today's article, I'm going to inform you about the Cisco IOS privileged EXEC mode command named "clear crypto gdoi." Network administrators (like you) use this command to clear the state of the current session of a Group Domain of Interpretation (GDOI) group member with the key server.

Below is the command's syntax:

clear crypto gdoi [group group-name | ks coop counters | ks policy | replay counter]

group group-name - This (optional) keyword and argument combination is used to specify the name of the group.

ks coop counters - This (optional) keyword is used to clear the counters on the cooperative key server.

ks policy - This (optional) keyword is used to clear all of the policies that are on a key server. Remember, using this keyword does not trigger the re-election of the key servers.

replay counter - This (optional) keyword is used to clear the anti-replay counters.

Note: If you perform this command on a group member, its policy (state) will be deleted (cleared), and it will have to re-register with the key server.

And, if you perform this command on a key server, its "state" will be deleted (cleared). Also, if redundancy is required between servers and this command is performed on one of them, it will cause that server to go back into election mode to elect a new primary server.

By the way, if you decide to use the command, make sure your routers are running Cisco IOS 12.4(11)T or higher.

I hope this article was very informative and helped you quickly understand the usage of the clear crypto gdoi command. If you need to learn more, I suggest you visit my website, where you'll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

To your success,
