Cisco CCNA Security Exam Training (640-553) – Using the Clear Crypto Gdoi Command

In today's article, I will tell you about the Cisco IOS privileged EXEC command called "clear crypto gdoi". Network administrators (like you) use this command to clear the current session state of a Group Domain of Interpretation (GDOI) group member with the key server.

Below is the syntax of the command:

clear crypto gdoi [group group-name | ks coop counters | ks policy | replay counter]

group group-name – This (optional) keyword and argument combination specifies the name of the group.

ks coop counters – This (optional) keyword is used to clear the cooperative key server counters.

ks policy – This (optional) keyword is used to clear all policies on a key server. Remember that using this keyword does not trigger re-election of the key servers.

replay counter – This (optional) keyword is used to clear the anti-replay counters.

Note: If you execute this command on a group member, its policy will be deleted (cleared), and it will need to register again with the key server.

And if you run this command on a key server, its state will be deleted (cleared). Additionally, if redundancy is configured among the key servers and this command is executed on one of them, that server will return to election mode to elect a new primary key server.

By the way, if you decide to use the command, make sure your router(s) are running Cisco IOS 12.4(11)T or later.

I hope this article was very informative and helped you quickly understand the use of the clear crypto gdoi command. If you need to learn more, I suggest you visit my website for the latest information on Cisco CCNA Security Exam Techniques (640-553).

For your success,