In today’s article, I am going to tell you about the Cisco IOS privileged EXEC mode command called “clear crypto gdoi”. Network administrators (like you) use this command to clear the current session state of a member of the Group Interpretation Domain Group (GDOI) with the keyserver.

The following is the syntax of the command:

clear crypto gdoi [group group-name | ks coop counters | ks policy | replay counter]

group Group name – This (optional) combination of keywords and arguments is used to give a group a name.

ks coop counters – This keyword (optional) is used to clear the counters on the cooperative keyserver.

ks policy – This keyword (optional) is used to clear all policies that are on a keyserver. Remember, using this keyword does not trigger (trigger) re-election of key servers.

repetition counter – This keyword (optional) is used to clear the anti-repeat counters.

Note: If you run this command on a group member, their policy (status) will be removed (cleared); and you will have to re-register with the keyserver.

And, if you run this command on a keyserver, its “state” will be removed (erased). Also, if redundancy is required between servers and this command is run on one of them, it will return that server to election mode to choose a new primary server.

By the way, if you decide to use the command, make sure your router (s) are running Cisco IOS 12.4 (11) T or higher.

I hope this article was very informative and helped you quickly understand the use of the clear crypto gdoi command. If you need to learn more; I suggest you visit my website where you will find the latest information on Cisco CCNA Security Exam Techniques (640-553).

To your success,