Login
- Table of Contents
-
- 11-Security Command Reference
- 00-Preface
- 01-AAA commands
- 02-Portal commands
- 03-User profile commands
- 04-Password control commands
- 05-Keychain commands
- 06-Public key management commands
- 07-PKI commands
- 08-IPsec commands
- 09-Group domain VPN commands
- 10-SSH commands
- 11-SSL commands
- 12-SSL VPN commands
- 13-ASPF commands
- 14-APR commands
- 15-Session management commands
- 16-Connection limit commands
- 17-Object group commands
- 18-Object policy commands
- 19-Attack detection and prevention commands
- 20-ARP attack protection commands
- 21-ND attack defense commands
- 22-uRPF commands
- 23-Crypto engine commands
- 24-FIPS commands
- 25-SMA commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 23-Crypto engine commands | 33.96 KB |
Crypto engine commands
display crypto-engine
Use display crypto-engine to display crypto engine information, including crypto engine names and supported algorithms.
Syntax
display crypto-engine
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Usage guidelines
If the device does not have hardware crypto engines, this command displays information only about software crypto engines.
Examples
# Display crypto engine information.
<Sysname> display crypto-engine
Crypto engine name: cavium crypto driver
Crypto engine state: Enabled
Crypto engine type: Hardware
Slot ID: 0
CPU ID: 0
Crypto engine ID: 0
Symmetric algorithms: des-ecb 3des-cbc 3des-ecb aes-cbc aes-ecb aes-ctr camellia_cbc sha1 sha2-256 sha2-384 sha2-512 md5-hmac sha1hmac sha2-256-hmac sha2-384-hmac sha2-512-hmac
Asymmetric algorithms: dh-group1 dh-group2 dh-group5 dh-group14 dh-group24
Random number generation function: Supported
Crypto engine name: Software crypto engine
Crypto engine state: Enabled
Crypto engine type: Software
CPU ID: 0
Slot ID: 0
Crypto engine ID: 1
Symmetric algorithms: des-cbc des-ecb 3des-ecb aes-ecb sha1 sha2-256 sha1-hmac sha2-256-hmac
Asymmetric algorithms:
Random number generation function: Supported
# (Devices without hardware crypto engines.) Display crypto engine information.
<Sysname> display crypto-engine
Crypto engine name: Software crypto engine
Crypto engine state: Enabled
Crypto engine type: Software
Slot ID: 0
CPU ID: 0
Crypto engine ID: 0
Symmetric algorithms: des-cbc des-ecb 3des-ecb aes-ecb sha1 sha2-256 sha1-hmac sha2-256-hmac
Asymmetric algorithms:
Random number generation function: Supported
Table 1 Command output
|
Field |
Description |
|
Crypto engine state |
Hardware crypto engine states: · Enabled. · Disabled. This field always displays Enabled for software crypto engines. |
|
Crypto engine type |
Crypto engine types: · Hardware. · Software. |
|
Slot ID |
ID of the LPU that holds the crypto engine. |
|
Symmetric algorithms |
Supported symmetric algorithms. |
|
Asymmetric algorithms |
Supported asymmetric algorithms. |
|
Random number generation function |
Whether random number generation function is supported: · Supported. · Not supported. |
Related commands
crypto-engine accelerator disable
display crypto-engine statistics
Use display crypto-engine statistics to display crypto engine statistics, including the number of established sessions and the number of operations performed by crypto engines.
Syntax
display crypto-engine statistics [ engine-id engine-id slot slot-number ]
In IRF mode:
display crypto-engine statistics [ engine-id engine-id chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
engine-id engine-id: Specifies a crypto engine by its ID. The value range for the engine-id argument is 0 to 4294967295.
slot slot-number: Specifies the slot number of the device, which is fixed at 0. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the device, which is fixed at 0. If you do not specify an IRF member device, this command displays crypto engine statistics for all IRF member devices. (In IRF mode.)
Usage guidelines
If hardware crypto engines are not enabled or the device does not have hardware crypto engines, this command displays statistics only for software crypto engines.
Examples
# Display statistics for all crypto engines.
<Sysname> display crypto-engine statistics
Slot ID: 0
CPU ID: 0
Crypto engine ID: 0
Submitted sessions: 0
Failed sessions: 0
Symmetric operations: 0
Symmetric errors: 0
Asymmetric operations: 0
Asymmetric errors: 0
Get-random operations: 0
Get-random errors: 0
Slot ID: 2
CPU ID: 0
Crypto engine ID: 0
Submitted sessions: 0
Failed sessions: 0
Symmetric operations: 0
Symmetric errors: 0
Asymmetric operations: 0
Asymmetric errors: 0
Get-random operations: 0
Get-random errors: 0
# (In standalone mode.) Display statistics for all crypto engines.
<Sysname> display crypto-engine statistics
Slot ID: 0
CPU ID: 0
Crypto engine ID: 0
Submitted sessions: 0
Failed sessions: 0
Symmetric operations: 0
Symmetric errors: 0
Asymmetric operations: 0
Asymmetric errors: 0
Get-random operations: 0
Get-random errors: 0
Slot ID: 2
CPU ID: 0
Crypto engine ID: 0
Submitted sessions: 0
Failed sessions: 0
Symmetric operations: 0
Symmetric errors: 0
Asymmetric operations: 0
Asymmetric errors: 0
Get-random operations: 0
Get-random errors: 0
# (In IRF mode.) Display statistics for all crypto engines.
<Sysname> display crypto-engine statistics
Chassis ID: 1
Slot ID: 0
CPU ID: 0
Crypto engine ID: 0
Submitted sessions: 0
Failed sessions: 0
Symmetric operations: 0
Symmetric errors: 0
Asymmetric operations: 0
Asymmetric errors: 0
Get-random operations: 0
Get-random errors: 0
Chassis ID: 1
Slot ID: 2
CPU ID: 0
Crypto engine ID: 0
Submitted sessions: 0
Failed sessions: 0
Symmetric operations: 0
Symmetric errors: 0
Asymmetric operations: 0
Asymmetric errors: 0
Get-random operations: 0
Get-random errors: 0
Table 2 Command output
|
Field |
Description |
|
Submitted sessions |
Number of established sessions. |
|
Failed sessions |
Number of failed sessions. |
|
Symmetric operations |
Number of operations using symmetric algorithms. |
|
Symmetric errors |
Number of failed operations using symmetric algorithms. |
|
Asymmetric operations |
Number of operations using asymmetric algorithms. |
|
Asymmetric errors |
Number of failed operations using asymmetric algorithms. |
|
Get-random operations |
Number of operations for obtaining random numbers. |
|
Get-random errors |
Number of failed operations for obtaining random numbers. |
Related commands
reset crypto-engine statistics
reset crypto-engine statistics
Use reset crypto-engine statistics to clear crypto engine statistics.
Syntax
In standalone mode:
reset crypto-engine statistics [ engine-id engine-id slot slot-number ]
In IRF mode:
reset crypto-engine statistics [ engine-id engine-id chassis chassis-number slot slot-number ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
engine-id engine-id: Specifies a crypto engine by its ID. The value range for the engine-id argument is 0 to 4294967295.
slot slot-number: Specifies the slot number of the device, which is fixed at 0. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the device, which is fixed at 0. If you do not specify an IRF member device, this command clears crypto engine statistics for all IRF member devices. (In IRF mode.)
Examples
# Clear statistics for all crypto engines.
<Sysname> reset crypto-engine statistics
Related commands
