The security psk command configures pre-shared key (PSK) authentication and encryption for WPA and WPA2.
The undo security command restores the default security policy.
By default, the security policy is open system.
security { wpa | wpa2 | wpa-wpa2 } psk { pass-phrase | hex } key-value { aes | tkip | aes-tkip }
security wpa-wpa2 psk { pass-phrase | hex } key-value tkip aes
undo security
Parameter |
Description |
Value |
|---|---|---|
wpa |
Configures WPA authentication. |
- |
wpa2 |
Configures WPA2 authentication. |
- |
wpa-wpa2 |
Configures WPA-WPA2 authentication. STAs can be authenticated using WPA or WPA2. |
- |
pass-phrase |
Specifies the key phrase. |
- |
hex |
Specifies a hexadecimal number. The password of hex does not have enough complexity, so pass-phrase is recommended. |
- |
key-value |
Specifies a password in cipher text. |
The value is of 8 to 63 ASCII characters in plain text, 64 hexadecimal characters in plain text, or 48 or 68 or 88 or 108 characters in cipher text. A password cannot contain the space and double quotation mark (") at the same time. When the password contains a space, add the double quotation mark (") to the beginning and end of the string when entering the password. For example, if the password is abc123 ABC, enter "abc123 ABC". NOTE:
For security purposes, you are advised to configure a password that contains at least two of the following: digits, lowercase letters, uppercase letters, and special characters. |
aes |
Configures AES encryption. |
- |
tkip |
Configures TKIP encryption. |
- |
aes-tkip |
Configures AES-TKIP encryption. After passing the authentication, STAs can use the AES or TKIP algorithm for data encryption. |
- |
Usage Scenario
WPA/WPA2 authentication includes WPA/WPA2 PSK authentication and 802.1X authentication, which are also called WPA/WPA2 personal edition and WPA/WPA2 enterprise edition, respectively. 802.1X authentication is of high security and is applicable to enterprise networks.
To access a WLAN device using WPA or WPA2 PSK authentication, run the security psk command. If multiple types of STAs are available, you can configure the WPA-WPA2 and AES-TKIP security policy for authentication and data encryption.
The security wpa-wpa2 psk { pass-phrase | hex } key-value tkip aes command indicates that WPA and WPA2 use TKIP and AES for data encryption, respectively.
Precautions
If the key is in hexadecimal notation, you can enter hexadecimal characters without entering 0x.
If a security profile is bound to multiple VAP profiles, it will take a few minutes to configure WPA/WPA2 PSK authentication and encryption in the security profile.
The system displays the message only when the security profile has been bound to the other profiles.
If PSK authentication and TKIP or AES-TKIP encryption for WPA/WPA2 is configured, the access of non-HT STAs fails to be denied.
# Configure WPA PSK authentication and the authentication key.
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] security-profile name p1 [HUAWEI-wlan-sec-prof-p1] security wpa psk pass-phrase abcdfffffg123 aes
# Configure WPA2 PSK authentication and the authentication key.
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] security-profile name p1 [HUAWEI-wlan-sec-prof-p1] security wpa2 psk pass-phrase abcdfffffg123 aes
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] security-profile name p1 [HUAWEI-wlan-sec-prof-p1] security wpa-wpa2 psk pass-phrase abcdfffffg123 aes-tkip Warning: If the wmm disable command, TKIP, WEP, or radio type of 802.11a/b/g is configured, the function of denying access of legacy STAs cannot take effect.