4000 Router Series Security Command Reference

410

Crypto engine commands

crypto-engine accelerator disable

Use crypto-engine accelerator disable to disable hardware crypto engines.

Use undo crypto-engine accelerator disable to enable hardware crypto engines.

Syntax

crypto-engine accelerator disable

undo crypto-engine accelerator disable

Default

Hardware crypto engines are enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Crypto engines include hardware crypto engines and software crypto engines. A hardware crypto

engine is a coprocessors integrated on a CPU, and a software crypto engine is a set of software

encryption algorithms on the device.

Hardware crypto engines can accelerate encryption/decryption speed. If you disable hardware crypto

engines, the device uses only software crypto engines for data encryption/decryption. If you enable

hardware crypto engines, the device preferentially uses hardware crypto engines. If the hardware crypto

engines do not support the required encryption algorithm, the device uses software crypto engines for

data encryption/decryption.

It is subject to service modules how enabling/disabling hardware crypto engines affects the service

modules. For example, for IPsec services, enabling or disable hardware crypto engines affects only

newly established IPsec SAs. The existing IPsec SAs still use the previously selected crypto engine for data

encryption. In this case, HP recommends that you use the reset ipsec sa command to delete all existing

IPsec SAs before you enable or disable hardware crypto engines, so the newly established IPsec SAs can

use the newly selected crypto engine.

HP recommends not disabling hardware crypto engine unless you do it for test, debugging, or

troubleshooting purposes.

Examples

# Disable hardware crypto engines.

<Sysname> system-view

[Sysname] crypto-engine accelerator disable