as access dtls psk
Function
The as access dtls psk command configures a pre-shared key for Datagram Transport Layer Security (DTLS) encryption on an access switch (AS).
The undo as access dtls psk command deletes a pre-shared key used for DTLS encryption.
The default pre-shared key for DTLS encryption is huawei_seccwp.
This command can only be executed on an AS.
Parameters
| Parameter | Description | Value |
|---|---|---|
| psk-value | Specifies a pre-shared key. |
The value is a string of 6 to 32 case-sensitive characters without spaces. The pre-shared key must be in plain text and contain at least two of the following: letters, digits, and special characters. |
Usage Guidelines
Usage Scenario
To encrypt CAPWAP-encapsulated packets between the parent and an AS, configure the same pre-shared key on the parent and AS. You can run the as access dtls psk command to configure a pre-shared key for DTLS encryption on the AS.
Precautions
- The default pre-shared key has security risks. You are advised to change the pre-shared key.
- After an AS has connected to an SVF system, configuring or deleting the pre-shared key for DTLS encryption is not allowed on the AS.