
(Optional) Configuring DTLS Encryption of an Inter-AC Tunnel

Context

ACs in a mobility group set up tunnels to synchronize data and transmit packets. After DTLS encryption of an inter-AC tunnel is enabled and an AC obtains the IP address of another AC through the discovery mechanism, the two ACs enter the DTLS negotiation stage, in which they use DTLS to set up the tunnel and encrypt the UDP packets forwarded in it. This improves packet transmission security.

It is recommended that you configure the same PSK on the ACs at both ends before enabling DTLS encryption. If you enable DTLS encryption first and the ACs have different PSKs, DTLS negotiation fails and the tunnel cannot be set up between the two ACs.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run capwap dtls inter-controller psk psk-value

    The default PSK for DTLS encryption of an inter-AC tunnel is huawei_seccwp.

  3. Run capwap dtls inter-controller control-link encrypt

    DTLS encryption for an inter-AC control tunnel is enabled.

    By default, DTLS encryption for an inter-AC control tunnel is disabled.
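A pre-change check for the procedure above, added here as an example and not taken from Huawei documentation: it lints the planned command lists for two peer ACs for the failure modes the Context section describes (PSK mismatch, PSK set after encryption is enabled) and for reliance on the publicly documented default PSK. The function names, the AC1/AC2 labels and the sample plans are assumptions; only the two `capwap dtls inter-controller` commands and the default PSK value come from this page.

```python
import hmac

DEFAULT_PSK = "huawei_seccwp"  # default PSK stated on this page
PSK_CMD = "capwap dtls inter-controller psk "
ENCRYPT_CMD = "capwap dtls inter-controller control-link encrypt"

# Constructed sample plans; "Example-PSK-1" is a placeholder, not a real key.
PLAN_OK = f"system-view\n{PSK_CMD}Example-PSK-1\n{ENCRYPT_CMD}\n"
PLAN_NO_PSK = f"system-view\n{ENCRYPT_CMD}\n"
PLAN_LATE_PSK = f"system-view\n{ENCRYPT_CMD}\n{PSK_CMD}Example-PSK-1\n"


def parse_plan(text):
    """Return (psk, psk_line, encrypt_line) found in a planned command list."""
    psk = psk_at = enc_at = None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith(PSK_CMD):
            psk, psk_at = line[len(PSK_CMD):].strip(), n
        elif line == ENCRYPT_CMD:
            enc_at = n
    return psk, psk_at, enc_at


def check_pair(plan_a, plan_b):
    """Lint the planned commands for two peer ACs; return a list of findings."""
    findings, parsed = [], {}
    for name, plan in (("AC1", plan_a), ("AC2", plan_b)):
        psk, psk_at, enc_at = parsed[name] = parse_plan(plan)
        if enc_at is None:
            findings.append(f"{name}: control-link encryption not enabled")
        if psk is None or psk == DEFAULT_PSK:
            findings.append(f"{name}: default PSK in use")
        elif enc_at is not None and psk_at > enc_at:
            findings.append(f"{name}: PSK set after encryption is enabled")
    # An AC with no PSK command falls back to the default PSK.
    a, b = (parsed[n][0] or DEFAULT_PSK for n in ("AC1", "AC2"))
    if not hmac.compare_digest(a.encode(), b.encode()):
        findings.append("PSK mismatch: DTLS negotiation will fail")
    return findings


if __name__ == "__main__":
    for label, pair in (("ok", (PLAN_OK, PLAN_OK)),
                        ("no psk on AC2", (PLAN_OK, PLAN_NO_PSK)),
                        ("late psk on AC1", (PLAN_LATE_PSK, PLAN_OK))):
        print(label, "->", check_pair(*pair) or "no findings")
```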

Copyright © Huawei Technologies Co., Ltd.