- Table of Contents
-
- 16-Security Command Reference
- 00-Preface
- 01-ACL commands
- 02-APR commands
- 03-ARP attack protection commands
- 04-ASPF commands
- 05-IP source guard commands
- 06-IPsec commands
- 07-ND attack defense commands
- 08-Password control commands
- 09-PKI commands
- 10-SSH commands
- 11-SSL commands
- 12-SSL VPN commands
- 13-URL filtering commands
- 14-User profile commands
- 15-Bandwidth management commands
- 16-Public key management commands
- 17-Attack detection and prevention commands
- 18-Session management commands
- 19-Connection limit commands
- 20-Crypto engine commands
- 21-Time range commands
- 22-Protocol packet rate limit commands
- 23-DPI engine commands
- Related Documents
-
Title | Size | Download |
---|---|---|
20-Crypto engine commands | 49.51 KB |
Crypto engine commands
The following compatibility matrixes show the support of hardware platforms for crypto engines:
Hardware series |
Model |
Product code |
Crypto engine compatibility |
WX1800H series |
WX1804H |
EWP-WX1804H-PWR-CN |
Yes |
WX2500H series |
WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H |
EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H |
Yes: WX2508H-PWR-LTE No: · WX2510H · WX2510H-F · WX2540H · WX2540H-F · WX2560H |
WX3000H series |
WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F |
EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F |
No |
WX3500H series |
WX3508H WX3510H WX3520H WX3520H-F WX3540H |
EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H |
No: WX3508H Yes: · WX3510H · WX3520H · WX3520H-F · WX3540H |
WX5500E series |
WX5510E WX5540E |
EWP-WX5510E EWP-WX5540E |
Yes |
WX5500H series |
WX5540H WX5560H WX5580H |
EWP-WX5540H EWP-WX5560H EWP-WX5580H |
Yes |
Access controller modules |
LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F |
LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F |
Yes |
Hardware series |
Model |
Product code |
Crypto engine compatibility |
WX1800H series |
WX1804H WX1810H WX1820H WX1840H |
EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL |
Yes: · WX1804H · WX1810H · WX1820H No: WX1840H |
WX3800H series |
WX3820H WX3840H |
EWP-WX3820H-GL EWP-WX3840H-GL |
Yes |
WX5800H series |
WX5860H |
EWP-WX5860H-GL |
Yes |
The WX1800H series, WX2500H series, and WX3000H series access controllers do not support parameters or commands that are available only in IRF mode.
display crypto-engine
Use display crypto-engine to display crypto engine information.
Syntax
display crypto-engine
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
If the device does not have hardware crypto engines, this command displays information only about software crypto engines.
Examples
# Display crypto engine information.
<Sysname> display crypto-engine
Crypto engine name: Software crypto engine
Crypto engine state: Enabled
Crypto engine type: Software
Slot ID: 1
CPU ID: 0
Crypto engine ID: 0
Symmetric algorithms: des-cbc des-ecb 3des-cbc aes-cbc aes-ecb aes-ctr camellia_cbc md5 sha1 sha2-256 sha2-384 sha2-512 md5-hmac sha1-hmac sha2-256-hmac sha2-384-hmac sha2-512-hmac aes-xcbc aes-xcbc-hmac
Asymmetric algorithms:
Random number generation function: Supported
Crypto engine name: SAE-XLP
Crypto engine state: Enabled
Crypto engine type: Hardware
Slot ID: 1
CPU ID: 0
Crypto engine ID: 1
Symmetric algorithms: des-cbc des-ecb 3des-cbc 3des-ecb aes-cbc aes-ecb rc4 md5 sha1 md5-hmac sha1-hmac
Asymmetric algorithms:
Random number generation function: Supported
# Display crypto engine information.
<Sysname> display crypto-engine
Crypto engine name: Software crypto engine
Crypto engine state: Enabled
Crypto engine type: Software
Slot ID: 1
CPU ID: 0
Crypto engine ID: 0
Symmetric algorithms: des-cbc des-ecb 3des-cbc aes-cbc aes-ecb aes-ctr camellia_cbc md5 sha1 sha2-256 sha2-384 sha2-512 md5-hmac sha1-hmac sha2-256-hmac sha2-384-hmac sha2-512-hmac aes-xcbc aes-xcbc-hmac
Asymmetric algorithms:
Random number generation function: Supported
Table 1 Command output
Field |
Description |
Crypto engine state |
Hardware crypto engine state: · Enabled. · Disabled. This field always displays Enabled for software crypto engines. |
Crypto engine type |
Crypto engine type: · Hardware. · Software. |
Symmetric algorithms |
Supported symmetric algorithms. |
Asymmetric algorithms |
Supported asymmetric algorithms. |
Random number generation function |
Whether random number generation function is supported: · Supported. · Not supported. |
display crypto-engine statistics
Use display crypto-engine statistics to display crypto engine statistics.
Syntax
In standalone mode:
display crypto-engine statistics [ engine-id engine-id ]
In IRF mode:
display crypto-engine statistics [ engine-id engine-id slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
engine-id engine-id: Specifies a crypto engine by its ID.The value range for the engine-id argument is 0 to 4294967295
slot slot-number: Specifies an IRF member device by its member ID. (In IRF mode.)
Usage guidelines
If hardware crypto engines are not enabled or the device does not have hardware crypto engines, this command displays statistics only for software crypto engines.
(In standalone mode.) If you do not specify any parameters, this command displays statistics for all crypto engines.
(In IRF mode.) If you do not specify any parameters, this command displays crypto engine statistics for all member devices.
Examples
# (In standalone mode.) Display all crypto engine statistics.
<Sysname> display crypto-engine statistics
Submitted sessions: 0
Failed sessions: 0
Symmetric operations: 0
Symmetric errors: 0
Asymmetric operations: 0
Asymmetric errors: 0
Get-random operations: 0
Get-random errors: 0
# (In IRF mode.) Display all crypto engine statistics.
<Sysname> display crypto-engine statistics
Slot ID: 1
CPU ID: 0
Crypto engine ID: 0
Submitted sessions: 0
Failed sessions: 0
Symmetric operations: 0
Symmetric errors: 0
Asymmetric operations: 0
Asymmetric errors: 0
Get-random operations: 0
Get-random errors: 0
# (In standalone mode.) Display statistics for crypto engine 1.
<Sysname> display crypto-engine statistics engine-id 1
Submitted sessions: 0
Failed sessions: 0
Symmetric operations: 0
Symmetric errors: 0
Asymmetric operations: 0
Asymmetric errors: 0
Get-random operations: 0
Get-random errors: 0
# (In IRF mode.) Display statistics for crypto engine 1 on the specified slot.
<Sysname> display crypto-engine statistics engine-id 1 slot 1
Submitted sessions: 0
Failed sessions: 0
Symmetric operations: 0
Symmetric errors: 0
Asymmetric operations: 0
Asymmetric errors: 0
Get-random operations: 0
Get-random errors: 0
Table 2 Command output
Field |
Description |
Submitted sessions |
Number of established sessions. |
Failed sessions |
Number of failed sessions. |
Symmetric operations |
Number of operations using symmetric algorithms. |
Symmetric errors |
Number of failed operations using symmetric algorithms. |
Asymmetric operations |
Number of operations using asymmetric algorithms. |
Asymmetric errors |
Number of failed operations using asymmetric algorithms. |
Get-random operations |
Number of operations for obtaining random numbers. |
Get-random errors |
Number of failed operations for obtaining random numbers. |
Related commands
reset crypto-engine statistics
reset crypto-engine statistics
Use reset crypto-engine statistics to clear crypto engine statistics.
Syntax
In standalone mode:
reset crypto-engine statistics [ engine-id engine-id ]
In IRF mode:
reset crypto-engine statistics [ engine-id engine-id slot slot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
engine-id engine-id: Specifies a crypto engine by its ID.The value range for the engine-id argument is 0 to 4294967295
slot slot-number: Specifies an IRF member device by its member ID. (In IRF mode.)
Usage guidelines
(In standalone mode.) If you do not specify any parameters, this command clears statistics for all crypto engines.
(In IRF mode.) If you do not specify any parameters, this command clears crypto engine statistics for all member devices.
Examples
# Clear statistics for all crypto engines.
<Sysname> reset crypto-engine statistics
# Clear statistics for crypto engine 1 on the specified slot.
<Sysname> reset crypto-engine statistics engine-id 1 slot 1
Related commands