Configuring IPSec 565

Configure NDEC Cards

Enable the crypto cards

When several crypto cards on the router work simultaneously, the enable and disable commands can be used to manage them. To facilitate management and debugging, you can set a crypto card to the disabled state (in which it does not process data) or the enabled state as needed. Executing the enable command on a crypto card in the disabled state resets and initializes it.

Perform the following configurations in system view.

Table 631 Enable/Disable the NDEC Card

Operation                  Command
Enable the crypto card     encrypt-card enable [ slot-id ]
Disable the crypto card    encrypt-card disable [ slot-id ]

By default, all the crypto cards are enabled.

Synchronize the crypto card clock with the router host clock

NDEC cards have their own clock. To keep the crypto card clock synchronized with the host clock, the host periodically sends a clock synchronization command to the crypto card. Users can also synchronize the crypto card clock with the host clock immediately using this command.

Perform the following configuration in system view.

Table 632 Synchronize the NDEC Card Clock and the Router Host Clock

Operation                                                         Command
Synchronize the crypto card clock (applicable to crypto cards)    encrypt-card set time [ slot-id ]

Set the output of the crypto card log

Perform the following configuration in system view.

Table 633 Set the Output of the NDEC Card Log

Operation                                                        Command
Enable/Disable the output of log (applicable to crypto cards)    encrypt-card set syslog { enable | disable } [ slot-id ]

By default, log output is disabled.

Enable the main software backup

For the SAs applied at the encrypt-card side, the work of IPSec processing on the traffic is shared among the normal encrypt-cards as long as there are encrypt-cards in normal status on the router. If all the encrypt-cards are abnormal, no encrypt-card can conduct the IPSec processing. In this case, provided that the host has already been enabled to back up the encrypt-cards, the IPSec module takes over from the encrypt-cards and conducts IPSec processing on the packets, if the IPSec module (the main software) supports the encryption/authentication algorithm used by this SA. If it does not, the packets are discarded.
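The processing order described above, modeled as an added example that is not taken from the 3Com manual or the router software. The round-robin sharing policy, the algorithm labels and every class and function name here are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Card:
    slot: int
    normal: bool  # False models an encrypt-card in abnormal status


class IPSecDispatcher:
    """Toy model of where packets of an encrypt-card-side SA are processed."""

    def __init__(self, cards, backup_enabled, software_algorithms):
        self.cards = cards
        self.backup_enabled = backup_enabled            # main software backup switch
        self.software_algorithms = set(software_algorithms)
        self._next = 0  # round-robin cursor; the real sharing policy is not documented here

    def dispatch(self, sa_algorithms):
        """Return ('card', slot), ('software', None) or ('discard', None)."""
        normal = [c for c in self.cards if c.normal]
        if normal:
            # Any card in normal status keeps the work on the cards.
            card = normal[self._next % len(normal)]
            self._next += 1
            return ("card", card.slot)
        # All cards abnormal: software takes over only if backup is enabled
        # AND it supports every algorithm the SA uses.
        if self.backup_enabled and set(sa_algorithms) <= self.software_algorithms:
            return ("software", None)
        # Otherwise the packet is dropped; it is never forwarded unprotected.
        return ("discard", None)


def demo():
    # Constructed scenario: two cards, software supports only "des" and "md5".
    cards = [Card(1, True), Card(2, True)]
    d = IPSecDispatcher(cards, True, {"des", "md5"})
    out = [d.dispatch({"des", "md5"}) for _ in range(3)]   # shared across cards
    cards[0].normal = False
    out.append(d.dispatch({"des", "md5"}))                 # one card left
    cards[1].normal = False
    out.append(d.dispatch({"des", "md5"}))                 # software backup
    out.append(d.dispatch({"3des", "sha1"}))               # unsupported: discard
    d.backup_enabled = False
    out.append(d.dispatch({"des", "md5"}))                 # backup off: discard
    return out


if __name__ == "__main__":
    print(demo())
```

The last two results are the operationally important ones: with backup disabled, or with an SA whose algorithms the main software lacks, a total card failure becomes a traffic outage for that SA.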

Perform the following configurations in system view.

3Com 10014299 manual