The capwap sensitive-info psk command modifies the pre-shared key (PSK) used for sensitive information encryption.
The undo capwap sensitive-info psk command restores the default PSK used for sensitive information encryption.
The default PSK used for sensitive information encryption is WLAN-KEYSTRING-AES256.
Parameter | Description | Value |
---|---|---|
psk-value | Specifies the PSK used for sensitive information encryption. | The value can be a string of 48 or 68 characters in cipher text (for example, %^%#u(Oz:BL,QKYZw%-JWC*P8aGC,="C&M'OI*Gmt.V(%^%#) or a string of 6 to 32 characters in plain text (for example, a1234567). The key must contain at least two of the following: uppercase letters, lowercase letters, digits, and special characters except the question mark (?) and space. |
Usage Scenario
Sensitive information transmitted between the AC and APs is encrypted, such as the FTP user name/password, AP login user name/password, and service configuration-related keys. You can use the capwap sensitive-info psk command to modify the PSK used for sensitive information encryption.
To ensure STA security, you are advised to modify the PSK value.
After the configuration is complete, all online APs will go offline from the AC and go online again.
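A pre-flight check for a plain-text psk-value, added here as an example and not part of the original command reference: it applies the length and character-class rules from the parameter table, rejects the documented default key, and generates a compliant random replacement. The function names are hypothetical, and the code assumes that "?" and space may not appear anywhere in the key and that only printable ASCII is accepted.

```python
import secrets
import string

DEFAULT_PSK = "WLAN-KEYSTRING-AES256"  # default key stated on this page
# Assumption: "?" and space may not appear anywhere in the key, and only
# printable ASCII is accepted; the page does not spell either point out.
SPECIALS = "".join(c for c in string.punctuation if c != "?")
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": SPECIALS,
}
ALPHABET = "".join(CLASSES.values())


def check_plain_psk(value):
    """Return the list of problems with a plain-text psk-value ([] = acceptable)."""
    problems = []
    if value == DEFAULT_PSK:
        problems.append("is the documented default PSK")
    if not 6 <= len(value) <= 32:
        problems.append("length is not 6 to 32 characters")
    if any(ch not in ALPHABET for ch in value):
        problems.append("contains '?', space or another unsupported character")
    present = [name for name, chars in CLASSES.items() if any(ch in chars for ch in value)]
    if len(present) < 2:
        problems.append("uses fewer than two character classes")
    return problems


def generate_psk(length=32):
    """Return a random plain-text PSK that passes check_plain_psk."""
    if not 6 <= length <= 32:
        raise ValueError("plain-text PSK length must be 6 to 32")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_plain_psk(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("a1234567", DEFAULT_PSK, "abcdef", "Abc 123"):  # constructed inputs
        print(repr(sample), check_plain_psk(sample) or "ok")
    print("new key:", generate_psk())
```

The default key satisfies the length and character-class rules on its own, so the explicit comparison against it is the only check that catches a device left on the default.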
Precautions
In hot backup (HSB) and dual-link cold backup scenarios, the PSKs configured on the active and standby ACs must be the same. Otherwise, APs cannot set up CAPWAP tunnels with the standby AC.
The pre-shared key for encrypting sensitive information cannot be modified when an AP is being upgraded on the