Filter
Top Products
2120 CHAPTER 140: IPSEC CONFIGURATION COMMANDS
Parameter None
Description Use the
cryptoswitch fabric enable command to enable the encryption switch
fabric.
Use the
undo cryptoswitch fabric enable command to disable the encryption
switch fabric.
■ If an encryption card is bound, IPSec processing is performed by the card as
long as it works properly. If the encryption card fails, the encryption switch
fabric cannot automatically substitute the encryption card for IPSec processing
even the encryption switch fabric is enabled. This is also the case for the IPSec
module backup function. In this case, the matched packets are discarded until
you manually remove the binding between an IPSec policy (group) and an
encryption card.
If no encryption card is bound, there are also two cases:
■ If the encryption switch fabric is enabled, it takes over the responsibility of
IPSec processing;
■ If the encryption switch fabric is disabled or has failed but the IPSec module
backup function is enabled, the IPSec module takes over the responsibility of
IPSec processing; if the IPSec module backup function is disabled, the matched
packets are discarded.
By default, the encryption switch fabric is enabled.
Example # Enable the encryption switch fabric.
<Sysname> system-view
[Sysname] cryptoswitch fabric enable
display encrypt-card fast-switch
Syntax display encrypt-card fast-switch
View Any view
Parameter None
Description Use the
display encrypt-card fast-switch command to display the contents of
the encryption card fast switching cache.
Parameter # Display the contents of the encryption card fast switching cache.
<sysname> display encrypt-card fast-switch
encrypt-card Fast-Forwarding cache: (200 times matched)
--------------------------------------------------------------------------
Index SourIP SourPort DestIP DestPort Prot TdbID ENC/DEC
38 11.1.1.1 8 11.1.1.2 0 1 0x00000002 encrypt
139 11.1.1.2 0 11.1.1.1 0 50 0x00000001 decrypt