Cisco CCNA Security Exam Training (640-553) – Using the “Clear Crypto Gdoi” Command

In today’s article, I will tell you about the Cisco IOS privileged EXEC mode command called “clear crypto gdoi”. Network administrators (such as yourself) use this command to clear the current session state of a Group Domain of Interpretation (GDOI) group member with the key server.

Below is the command syntax:

clear crypto gdoi [group group-name | ks coop counters | ks policy | replay counter]

group group-name – This (optional) keyword and argument pair identifies the group by name.

ks coop counters – This keyword (optional) is used to clear the counters in the cooperative key server.

ks policy – This keyword (optional) is used to delete all policies found on a key server. Remember, using this keyword does not trigger re-election of the key servers.

replay counter – This keyword (optional) is used to clear the anti-replay counters.

Note: If you run this command on a group member, its policy (state) is erased, and it will have to re-register with the key server.

If you run this command on a key server, its state is erased. Also, if redundancy between key servers is configured and this command is run on one of them, that server returns to election mode to elect a new primary key server.

By the way, if you decide to use the command, make sure your router is running Cisco IOS 12.4(11)T or higher.
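Because several forms of this command erase state or policy, it is worth reviewing who ran it and where. The following is an added example, not part of the original article and not Cisco code: it parses a typed command against the syntax above and reports the effect described in this article. The record layout, the role labels "gm" and "ks", the user names, the group name GETVPN-A and the prefix-abbreviation rule are assumptions made for illustration.

```python
BASE = ("clear", "crypto", "gdoi")
# Option keywords from the syntax line; None stands for the group-name argument.
FORMS = {
    "all": (),
    "group": ("group", None),
    "ks coop counters": ("ks", "coop", "counters"),
    "ks policy": ("ks", "policy"),
    "replay counter": ("replay", "counter"),
}
# Effects as the article describes them; state loss depends on the device role.
STATE_LOSS = {
    "gm": "member policy erased; member must re-register with the key server",
    "ks": "key server state erased; with redundancy it returns to election mode",
}
OTHER = {
    "ks policy": "all key server policies deleted; no re-election triggered",
    "unrecognized": "option not in the syntax above; review manually",
}

def parse(command):
    """Return (form, group_name), or None if this is not clear crypto gdoi."""
    # Assumption: any leading prefix of a keyword counts as its abbreviation.
    tokens = command.split()
    if len(tokens) < 3 or not all(k.startswith(t.lower()) for t, k in zip(tokens, BASE)):
        return None
    rest = tokens[3:]
    for form, pattern in FORMS.items():
        if len(rest) == len(pattern) and all(
                k is None or k.startswith(t.lower()) for t, k in zip(rest, pattern)):
            return (form, rest[1] if form == "group" else None)
    return ("unrecognized", None)

def impact(command, role):
    """Effect on a device with role 'gm' or 'ks'; None if the command does not match."""
    form = (parse(command) or (None,))[0]
    if form in ("all", "group"):
        return STATE_LOSS[role]
    return OTHER.get(form, "counters cleared only") if form else None

def audit(records):
    """Return (user, command, effect) for commands that remove state or policy."""
    hits = [(user, cmd, impact(cmd, role)) for user, role, cmd in records]
    return [h for h in hits if h[2] and h[2] != "counters cleared only"]

# Constructed sample records: (user, device role, command as typed).
SAMPLE = [("alice", "gm", "clear crypto gdoi group GETVPN-A"),
          ("bob", "ks", "cle cry gdoi ks pol"),
          ("carol", "ks", "clear crypto gdoi ks coop counters"),
          ("dave", "gm", "show crypto gdoi")]
```

Calling audit(SAMPLE) returns only the group clear and the ks policy clear; the counter reset and the show command are not reported.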

I hope this article was very informative and helped you quickly understand the use of the clear crypto gdoi command. If you need to learn more, I suggest you visit my website, where you will find the latest information on Cisco CCNA Security Exam Techniques (640-553).

For your success,
