Cisco CCNA (640-553) Security Exam Training – Using The "Clear Crypto Gdoi" Command


In today's article, I will tell you about the Cisco IOS privileged EXEC mode command named "clear crypto gdoi". Network administrators (like you) use this command to clear the state of a Group Domain of Interpretation (GDOI) group member's current session with the key server.

Here is the syntax of the command:

clear crypto gdoi [group group-name | ks coop counter | ks policy | replay counter]

group group-name – This keyword and argument combination (optional) is used to specify the name of the group.

ks coop counter – This keyword (optional) is used to clear the counters on the cooperative key server.

ks policy – This keyword (optional) is used to delete all the policies found on a key server. Remember that using this keyword does not trigger the re-election of key servers.

replay counter – This keyword (optional) is used to clear the anti-replay counters.

Note: If you execute this command on a group member, its policy (state) will be deleted, and it will have to re-register with the key server.

And, if you execute this command on a key server, its state will be deleted. In addition, if redundancy is configured between the key servers and this command is executed on one of them, that server will return to election mode to elect a new primary key server.

Also, if you decide to use the command, make sure your router(s) are running Cisco IOS 12.4(11)T or higher.

I hope this article has been informative and has helped you quickly understand the use of the clear crypto gdoi command. If you need to know more, I suggest you visit my website, where you will find the latest information regarding Cisco CCNA Security (640-553) exam review techniques.

For your success,
