capwap inter-controller sensitive-info psk
Function
The capwap inter-controller sensitive-info psk command configures a pre-shared key (PSK) used for encrypting sensitive information between ACs.
The undo capwap inter-controller sensitive-info psk command deletes the configured PSK used for encrypting sensitive information between ACs.
By default, no PSK is configured for encrypting sensitive information between ACs.
Format
capwap inter-controller sensitive-info psk key-value
undo capwap inter-controller sensitive-info psk
Parameters
Parameter |
Description |
Value |
|---|---|---|
key-value |
Specifies a PSK for encrypting sensitive information between ACs. |
The value is a string of 6 to 32 case-sensitive characters without question marks (?) or spaces. For a plaintext PSK, the length must be 48 or 68 bits. If the string is enclosed in double quotation marks ("), the string can contain spaces.
NOTE:
For security purposes, the PSK must contain at least two of the following: digits, lowercase letters, uppercase letters, and special characters. In addition, the PSK must consist of six or more characters. |
Usage Guidelines
Usage Scenario
In inter-AC roaming scenarios, ACs may need to exchange sensitive information such as the user name and password. The PSK is required to protect data transmitted between the ACs.
Precautions
The PSK must be set to the same on ACs. Otherwise, the CAPWAP tunnel cannot be set up between the ACs.
Example
# Set the PSK used for encrypting sensitive information between ACs to huawei@123.
<HUAWEI> system-view [HUAWEI] capwap inter-controller sensitive-info psk huawei@123 Warning: The ACs must have the same configuration. Otherwise, the link between them cannot be set up. Warning: This operation may cause devices using CAPWAP connections to reset or go offline. Continue? [Y/N]: