3com MSR 20-20 참조 매뉴얼

C

HAPTER

 140: IPS

EC

 C

ONFIGURATION

 C

OMMANDS

None

Use the cryptoswitch fabric enable command to enable the encryption switch 
fabric.

Use the undo cryptoswitch fabric enable command to disable the encryption 
switch fabric.

■

If an encryption card is bound, IPSec processing is performed by the card as 
long as it works properly. If the encryption card fails, the encryption switch 
fabric cannot automatically substitute the encryption card for IPSec processing 
even the encryption switch fabric is enabled. This is also the case for the IPSec 
module backup function. In this case, the matched packets are discarded until 
you manually remove the binding between an IPSec policy (group) and an 
encryption card.

If no encryption card is bound, there are also two cases:

■

If the encryption switch fabric is enabled, it takes over the responsibility of 
IPSec processing;

■

If the encryption switch fabric is disabled or has failed but the IPSec module 
backup function is enabled, the IPSec module takes over the responsibility of 
IPSec processing; if the IPSec module backup function is disabled, the matched 
packets are discarded.

By default, the encryption switch fabric is enabled.

# Enable the encryption switch fabric.

<Sysname> system-view

[Sysname] cryptoswitch fabric enable 

Any view

None

Use the display encrypt-card fast-switch command to display the contents of 
the encryption card fast switching cache.

# Display the contents of the encryption card fast switching cache.

<sysname> display encrypt-card fast-switch

encrypt-card Fast-Forwarding cache: (200 times matched)

--------------------------------------------------------------------------

Index

SourIP

SourPort

DestIP

DestPort

Prot

TdbID

ENC/DEC

38

11.1.1.1

8

11.1.1.2

0

1

0x00000002

encrypt

139

11.1.1.2

0

11.1.1.1

0

50

0x00000001

decrypt