Configuring IPSec 565
Configure NDEC Cards Enable the crypto cards
When several crypto cards on the router work simultaneously, The commands
enable and disable can be used to manage the crypto cards. To facilitate the
management and debugging, you can set a crypto card to be in disabled state
(disable the crypto card to process data) or enabled state as needed. Executing the
enable command on a crypto card in disable state will reset and initiate it.
Perform the following configurations in system view.
Table 631 Enable/Disable the NDECCard
By default, all the crypto cards are enabled.
Synchronize the crypto card clock with the router host clock
NDEC cards have their own clock. To synchronize the crypto card clock and the
host clock, the host will send the command of synchronizing clocks to the crypto
card periodically. The users can synchronize the crypto card clock and the host
clock immediately using this command.
Perform the following configuration in system view.
Table 632 Synchronize the NDEC Card Clock and the Router Host Clock
Set the output of the crypto card log
Perform the following configuration in system view.
Table 633 Set the Output of the NDEC Card Log
By default, the outputting of log is disabled.
Enable the main
software backup
For the SAs applied at the encrypt-card side, the works of IPSec processing on the
traffic will be shared among the normal encrypt-cards as long as there are
encrypt-cards in normal status on the router. If all the encrypt-cards are abnormal,
there will be no encrypt-cards can conduct the IPSec processing. In this case, given
that the host has already been enabled to backup the encrypt-cards, the IPSec
module will replace the encrypt-cards to conduct IPSec processing on the packets,
if the IPSec module (the main software) supports the encryption/authentication
algorithm used by this SA. If it does not, the packets will be discarded.
Perform the following configurations in system view.
Operation Command
Enable the crypto card encrypt-card enable [ slot-id ]
Disable the crypto card encrypt-card disable [ slot-id ]
Operation Command
Synchronize the crypto card clock
(applicable to crypto cards)
encrypt-card set time [ slot-id ]
Operation Command
Enable/Disable the output of log
(applicable to crypto cards)
encrypt-card set syslog { enable |
disable } [ slot-id ]