- Table of Contents
-
- 16-Security Configuration Guide
- 00-Preface
- 01-ACL configuration
- 02-APR configuration
- 03-ARP attack protection configuration
- 04-ASPF configuration
- 05-IP source guard configuration
- 06-IPsec configuration
- 07-ND attack defense configuration
- 08-Password control configuration
- 09-PKI configuration
- 10-SSH configuration
- 11-SSL configuration
- 12-SSL VPN configuration
- 13-URL filtering configuration
- 14-User profile configuration
- 15-Bandwidth management configuration
- 16-Public key management
- 17-Attack detection and prevention configuration
- 18-Session management
- 19-Connection limit configuration
- 20-Crypto engine configuration
- 21-Time range configuration
- 22-Protocol packet rate limit configuration
- 23-DPI engine configuration
- Related Documents
-
Title | Size | Download |
---|---|---|
20-Crypto engine configuration | 52.21 KB |
Crypto engine processing mechanism
Restrictions: Hardware compatibility with crypto engines
Display and maintenance commands for crypto engines
Configuring crypto engines
About crypto engines
Crypto engines encrypt and decrypt data for service modules.
Crypto engine types
Crypto engines include the following types:
· Hardware crypto engines—A hardware crypto engine is a coprocessor integrated on a CPU or hardware crypto card. Hardware crypto engines can accelerate encryption/decryption speed, which improves device processing efficiency. You can enable or disable hardware crypto engines globally as needed. By default, hardware crypto engines are enabled.
· Software crypto engines—A software crypto engine is a set of software encryption algorithms. The device uses software crypto engines to encrypt and decrypt data for service modules. They are always enabled. You cannot enable or disable software crypto engines.
Crypto engine processing mechanism
If you disable hardware crypto engines, the device uses only software crypto engines for data encryption/decryption. If you enable hardware crypto engines, the device preferentially uses hardware crypto engines. If the device does not support hardware crypto engines, or if the hardware crypto engines do not support the required encryption algorithm, the device uses software crypto engines for data encryption/decryption.
Crypto engines provide encryption/decryption services for service modules, for example, the IPsec module. When a service module requires data encryption/decryption, it sends the desired data to a crypto engine. After the crypto engine completes data encryption/decryption, it sends the data back to the service module.
Restrictions: Hardware compatibility with crypto engines
Hardware series |
Model |
Product code |
Crypto engine compatibility |
WX1800H series |
WX1804H |
EWP-WX1804H-PWR-CN |
Yes |
WX2500H series |
WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H |
EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H |
Yes: WX2508H-PWR-LTE No: · WX2510H · WX2510H-F · WX2540H · WX2540H-F · WX2560H |
WX3000H series |
WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F |
EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F |
No |
WX3500H series |
WX3508H WX3510H WX3520H WX3520H-F WX3540H |
EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H |
No: WX3508H Yes: · WX3510H · WX3520H · WX3520H-F · WX3540H |
WX5500E series |
WX5510E WX5540E |
EWP-WX5510E EWP-WX5540E |
Yes |
WX5500H series |
WX5540H WX5560H WX5580H |
EWP-WX5540H EWP-WX5560H EWP-WX5580H |
Yes |
Access controller modules |
LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F |
LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F |
Yes |
Hardware series |
Model |
Product code |
Crypto engine compatibility |
WX1800H series |
WX1804H WX1810H WX1820H WX1840H |
EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL |
Yes: · WX1804H · WX1810H · WX1820H No: WX1840H |
WX3800H series |
WX3820H WX3840H |
EWP-WX3820H-GL EWP-WX3840H-GL |
Yes |
WX5800H series |
WX5860H |
EWP-WX5860H-GL |
Yes |
Display and maintenance commands for crypto engines
IMPORTANT: The WX1800H series, WX2500H series, and WX3000H series access controllers do not support parameters or commands that are available only in IRF mode. |
Execute display commands in any view and reset commands in user view.
Task |
Command |
Display crypto engine information. |
display crypto-engine |
Display crypto engine statistics. |
In standalone mode: display crypto-engine statistics [ engine-id engine-id ] In IRF mode: display crypto-engine statistics [ engine-id engine-id slot slot-number ] |
Clear crypto engine statistics. |
In standalone mode: reset crypto-engine statistics [ engine-id engine-id ] In IRF mode: reset crypto-engine statistics [ engine-id engine-id slot slot-number ] |