Login
- Table of Contents
-
- 08-Security Configuration Guide
- 00-Preface
- 01-AAA configuration
- 02-802.1X configuration
- 03-MAC authentication configuration
- 04-Portal configuration
- 05-Web authentication configuration
- 06-Triple authentication configuration
- 07-Port security configuration
- 08-User profile configuration
- 09-Password control configuration
- 10-Keychain configuration
- 11-Public key management
- 12-PKI configuration
- 13-IPsec configuration
- 14-SSH configuration
- 15-SSL configuration
- 16-Attack detection and prevention configuration
- 17-IP source guard configuration
- 18-ARP attack protection configuration
- 19-ND attack defense configuration
- 20-uRPF configuration
- 21-SAVI configuration
- 22-MFF configuration
- 23-Crypto engine configuration
- 24-FIPS configuration
- 25-802.1X client configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 23-Crypto engine configuration | 40.76 KB |
Configuring crypto engines
Overview
Crypto engines encrypt and decrypt data for service modules. Crypto engines include the following types:
· Hardware crypto engines—A hardware crypto engine is a coprocessor integrated on a CPU or hardware crypto card. Hardware crypto engines can accelerate encryption/decryption speed, which improves device processing efficiency. You can enable or disable hardware crypto engines globally as needed. By default, hardware crypto engines are enabled.
· Software crypto engines—A software crypto engine is a set of software encryption algorithms. The device uses software crypto engines to encrypt and decrypt data for service modules. They are always enabled. You cannot enable or disable software crypto engines.
The switch only supports a software crypto engine in the current software version.
Crypto engines provide encryption/decryption services for service modules, for example, the IPsec module. When a service module requires data encryption/decryption, it sends the desired data to a crypto engine. After the crypto engine completes data encryption/decryption, it sends the data back to the service module.
Displaying and maintaining crypto engines
Execute display commands in any view and reset commands in user view.
|
Task |
Command |
|
Display crypto engine information. |
display crypto-engine |
|
Display crypto engine statistics. |
display crypto-engine statistics [ engine-id engine-id slot slot-number ] |
|
Clear crypto engine statistics. |
reset crypto-engine statistics [ engine-id engine-id slot slot-number ] |
