The capwap dtls psk-mandatory-match enable command enables an AP to establish a Datacom Transport Layer Security (DTLS) session with an AC using the default pre-shared key.
The undo capwap dtls psk-mandatory-match enable command disables an AP to establish a Datacom Transport Layer Security (DTLS) session with an AC using the default pre-shared key.
By default, an AP is disabled to establish a DTLS session with an AC using the default pre-shared key.
When a new AP is added to the WLAN or the passwords of the AP and AC are different (for example, the password of the AC is changed but the AP is not online), you can enable the AP to perform DTLS sessions with the AC using the default pre-shared key. After three DTLS session failures, the AP notifies the AC of DTLS sessions using the default pre-shared key. In this way, a CAPWAP tunnel is established between the AP and the AC.