如何强制 Cisco 2811 重新密钥

Question 1

我不记得曾经看到过任何强制重新密钥的东西；他可能只是清除了安全关联并让它建立一个新的。 clear crypto sa peer x.x.x.x将保留第 1 阶段并重建第 2 阶段，clear crypto isakmp id使用 idshow crypto isakmp sa将重置整个隧道。

Answer

我不记得曾经看到过任何强制重新密钥的东西；他可能只是清除了安全关联并让它建立一个新的。 clear crypto sa peer x.x.x.x将保留第 1 阶段并重建第 2 阶段，clear crypto isakmp id使用 idshow crypto isakmp sa将重置整个隧道。

Question 2

刚刚检查了我的一个。您有以下选择：

 R1#clear crypto ?
  call     Clear crypto call admission info
  ipsec    IPSec
  isakmp   Flush the ISAKMP database
  mtree    Clear Mtree Manager Command Stats
  sa       Clear all crypto SAs
  session  clear crypto sessions (tunnels)

R1#clear crypto isa
R1#clear crypto isakmp ?
  <0-32766>  connection id of SA
  <cr>

R1#clear crypto sa ?
  counters  Reset the SA counters
  map       Clear all SAs for a given crypto map
  peer      Clear all SAs for a given crypto peer
  spi       Clear SA by SPI
  vrf       VRF (Routing/Forwarding) instance
  <cr>

R1#clear crypto sa peer
R1#clear crypto sa peer ?
  A.B.C.D  Crypto peer name/address
  vrf      VRF (Routing/Forwarding) instance

R1#clear crypto sa peer

clear crypto sa peer 就可以了

Answer

刚刚检查了我的一个。您有以下选择：

 R1#clear crypto ?
  call     Clear crypto call admission info
  ipsec    IPSec
  isakmp   Flush the ISAKMP database
  mtree    Clear Mtree Manager Command Stats
  sa       Clear all crypto SAs
  session  clear crypto sessions (tunnels)

R1#clear crypto isa
R1#clear crypto isakmp ?
  <0-32766>  connection id of SA
  <cr>

R1#clear crypto sa ?
  counters  Reset the SA counters
  map       Clear all SAs for a given crypto map
  peer      Clear all SAs for a given crypto peer
  spi       Clear SA by SPI
  vrf       VRF (Routing/Forwarding) instance
  <cr>

R1#clear crypto sa peer
R1#clear crypto sa peer ?
  A.B.C.D  Crypto peer name/address
  vrf      VRF (Routing/Forwarding) instance

R1#clear crypto sa peer

clear crypto sa peer 就可以了

如何强制 Cisco 2811 重新密钥

答案1

答案2

相关内容