< Home

security wapi

Function

The security wapi command configures the WAPI authentication mode.

The undo security command restores the default security policy.

By default, the security policy is open system.

Format

security wapi psk { pass-phrase | hex } key-value

security wapi certificate

undo security

Parameters

Parameter

Description

Value

certificate

Configures WAPI certificate authentication.

-

psk

Configures WAPI pre-shared key authentication.

-

pass-phrase

Specifies the key phrase.

-

hex

Specifies a hexadecimal number.

The password of hex does not have enough complexity, so pass-phrase is recommended.

-

key-value

Specifies a password in cipher text.

In pass-phrase mode, the key is a string of 8 to 64 characters in plain text or 48 or 68 or 88 or 108 characters in cipher text. In hex mode, the key is a string of 8 to 32 hexadecimal numbers, in which case the length of the string must be an even, or a string of 48 or 68 or 88 or 108 characters in cipher text.

A password cannot contain the space and double quotation mark (") at the same time. When the password contains a space, add the double quotation mark (") to the beginning and end of the string when entering the password. For example, if the password is abc123 ABC, enter "abc123 ABC".

NOTE:

For security purposes, you are advised to configure a password that contains at least two of the following: digits, lowercase letters, uppercase letters, and special characters.

Views

Security profile view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

WAPI supports two authentication modes: certificate authentication and pre-shared key authentication. When pre-shared key authentication is used, a pre-shared key must be configured.

  • If WAPI authentication is specified as a security policy in a security profile, you can run the wapi authentication-method command to configure the WAPI authentication mode.
  • The wapi authentication-method command determines the WAPI authentication and key management mode. When certificate authentication and key management are configured, authentication involves identity authentication and key negotiation, and the authentication server and certificate need to be configured. When pre-shared key authentication is configured, a pre-shared key needs to be configured, and STAs also need to know the pre-shared key. In this situation, authentication just involves key negotiation.

Precautions

The AP7030DE and AP9330DN do not support WAPI.

The system displays the message only when the security profile has been bound to the other profiles.

Example

# Set the WAPI authentication mode to pre-shared key authentication and specify the key.

<HUAWEI> system-view
[HUAWEI] wlan
[HUAWEI-wlan-view] security-profile name p1
[HUAWEI-wlan-sec-prof-p1] security wapi psk pass-phrase testpassword123
Parent Topic: WLAN Security Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >