Display Encrypt-Card Fast-Switch - H3C MSR 20-20 Command Reference Manual

2120 C 140: IPS
HAPTER EC
Parameter
Description
Example

display encrypt-card fast-switch

Syntax
View
Parameter
Description
Parameter
C C
ONFIGURATION OMMANDS
None
Use the cryptoswitch fabric enable
fabric.
Use the
undo cryptoswitch fabric enable
switch fabric.
If an encryption card is bound, IPSec processing is performed by the card as
■
long as it works properly. If the encryption card fails, the encryption switch
fabric cannot automatically substitute the encryption card for IPSec processing
even the encryption switch fabric is enabled. This is also the case for the IPSec
module backup function. In this case, the matched packets are discarded until
you manually remove the binding between an IPSec policy (group) and an
encryption card.
If no encryption card is bound, there are also two cases:
If the encryption switch fabric is enabled, it takes over the responsibility of
■
IPSec processing;
If the encryption switch fabric is disabled or has failed but the IPSec module
■
backup function is enabled, the IPSec module takes over the responsibility of
IPSec processing; if the IPSec module backup function is disabled, the matched
packets are discarded.
By default, the encryption switch fabric is enabled.
# Enable the encryption switch fabric.
<Sysname> system-view
[Sysname] cryptoswitch fabric enable
display encrypt-card fast-switch
Any view
None
Use the
display encrypt-card fast-switch
the encryption card fast switching cache.
# Display the contents of the encryption card fast switching cache.
<sysname> display encrypt-card fast-switch
encrypt-card Fast-Forwarding cache: (200 times matched)
--------------------------------------------------------------------------
Index SourIP
38 11.1.1.1
139 11.1.1.2
command to enable the encryption switch
SourPort DestIP DestPort
8 11.1.1.2
0 11.1.1.1
command to disable the encryption
command to display the contents of
Prot TdbID
0 1 0x00000002
0 50 0x00000001
ENC/DEC
encrypt
decrypt