capwap dtls psk

Function

The capwap dtls psk command configures a pre-shared key used for DTLS encryption.

The undo capwap dtls psk command restores the default pre-shared key used for DTLS encryption.

By default, the pre-shared key used for DTLS encryption is huawei_seccwp.

Format

capwap dtls psk psk-value

undo capwap dtls psk

Parameters

Parameter: psk-value

Description: Specifies the pre-shared key used for DTLS encryption.

Value: The value is a string of characters. The pre-shared key contains 48 or 68 characters in cipher text, for example, %^%#u(Oz:BL,QKYZw%-JWC*P8aGC,="C&M'OI*Gmt.V(%^%#, or contains 6 to 32 characters in plain text, for example, a1234567. The password must contain at least two of the following types: uppercase letters, lowercase letters, digits, and special characters except the question mark (?) and space.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

During CAPWAP tunnel establishment, an AP establishes a DTLS session with an AC. If DTLS encryption has been enabled for CAPWAP control, sent management packets will be encrypted using DTLS. When a pre-shared key is used for DTLS encryption, you can use the capwap dtls psk command to change the pre-shared key.

It is recommended that you change the pre-shared key in a timely manner to ensure device security.

Follow-up Procedure

Run the capwap dtls control-link encrypt command to enable CAPWAP control tunnel encapsulation using DTLS.

Precautions

After the capwap dtls psk command configuration is complete, the new pre-shared key will be automatically synchronized to the online APs that are working properly, but the previous pre-shared key still takes effect. The new pre-shared key takes effect after these APs go online again.

Example

# Configure the pre-shared key for DTLS encryption as huawei123.

<HUAWEI> system-view
[HUAWEI] capwap dtls psk huawei123
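
The following audit script is an added example, not Huawei code. It checks a candidate psk-value against the rules in the Parameters section, rejects the default key and the sample keys printed on this page, and scans configuration text for the two commands named here. Assumptions: the function names, the %^%# delimiter test for cipher text (inferred from the example above), and treating a missing capwap dtls psk line as the default key being in use.

```python
import re

# Values printed on this page are public, so the audit rejects them (added policy).
DEFAULT_PSK = "huawei_seccwp"
PUBLISHED_EXAMPLES = {"a1234567", "huawei123"}
CIPHER_MARK = "%^%#"  # assumption: delimiter inferred from the page's cipher-text example
# Constructed sample configuration text, not captured from a device.
SAMPLE = "#\ncapwap dtls psk huawei123\n#\n"


def check_psk(value):
    """Return the problems with a candidate psk-value; an empty list means acceptable."""
    # Cipher-text form: only the length (48 or 68) can be checked offline.
    if value.startswith(CIPHER_MARK) and value.endswith(CIPHER_MARK):
        return [] if len(value) in (48, 68) else ["cipher text must be 48 or 68 characters"]
    problems = []
    if not 6 <= len(value) <= 32:
        problems.append("plain text must be 6 to 32 characters")
    if "?" in value or " " in value:
        problems.append("question mark and space are not allowed")
    classes = [
        any(c.isupper() for c in value),
        any(c.islower() for c in value),
        any(c.isdigit() for c in value),
        any(not c.isalnum() and c not in "? " for c in value),
    ]
    if sum(classes) < 2:
        problems.append("needs at least two character types")
    if value == DEFAULT_PSK:
        problems.append("documented default key")
    elif value in PUBLISHED_EXAMPLES:
        problems.append("example value from vendor documentation")
    return problems


def audit_config(text):
    """Audit configuration text for the two commands this page names."""
    findings = []
    psk = re.search(r"^\s*capwap dtls psk (\S.*)$", text, re.MULTILINE)
    if psk is None:
        # Assumption: an unset key means the default is in use.
        findings.append("no 'capwap dtls psk' line: default key assumed in use")
    else:
        findings += check_psk(psk.group(1).strip())
    # Matches only the command form shown on this page.
    if not re.search(r"^\s*capwap dtls control-link encrypt\s*$", text, re.MULTILINE):
        findings.append("'capwap dtls control-link encrypt' not configured")
    return findings
```

Calling audit_config(SAMPLE) reports both the published example key and the missing control-link encryption command.
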
Copyright © Huawei Technologies Co., Ltd.