167
Step Command Remarks
2. Enter encryption card
interface view.
interface encrypt
interface-number
N/A
3. Bind an IPsec policy, policy
group, or IPsec profile to the
encryption card.
ipsec binding policy
policy-name [ seq-number ]
[
primary
]
By default, an encryption card
interface is bound with no IPsec
policy, policy group, or IPsec
profile.
The seq-number argument is not
required when an IPsec profile,
uniquely identified by its name, is
bound to an encryption card.
Enabling the encryption engine
The encryption engine is a coprocessor that provides an encryption/decryption algorithm interface
for IPsec processing.
If an encryption card is bound, IPsec processing is performed by the card as long as it operates
correctly. If the encryption card fails, the matching packets are discarded.
If no encryption card is bound, there are two cases:
• If the encryption engine is enabled, the engine takes over the responsibility of IPsec processing.
• If the encryption engine is disabled or has failed but the IPsec module backup function is
enabled, the IPsec module takes over the responsibility of IPsec processing. If the IPsec
module backup function is disabled, the matching packets are discarded.
To enable the encryption engine:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable the encryption
engine.
cryptoengine enable
Optional.
3. Enable the encryption
engine.
cryptoengine enable
[
slot
slot-number ]
Optional.
Enabling the IPsec module backup function
The following matrix shows the feature and hardware compatibility:
Hardware Feature compatibility
MSR900 No
MSR93X Yes
MSR20-1X No
MSR20 Yes
MSR30 Yes
MSR50 Yes
MSR1000 No
To enable the IPsec module backup function:
To Next Page
Loading...
Need help?
General
