No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

CloudEngine 8800, 7800, 6800, and 5800 V200R002C50

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Master Key Configuration Commands

Master Key Configuration Commands

clear master-key

Function

The clear master-key command restores the default system master key.

Format

clear master-key

Parameters

None

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To restore the default system master key, run the clear master-key command.

Implementation Procedure

After this command is run, the system will provide you interactive guidance to restore the default system master key, and information entered is not displayed on the terminal interface.
NOTE:
During the interactive process, the system prompts you to enter a password. Note the following:
  • The password that a user needs to input is the current user password but not the current system master key. If the current system master key is input, the operation of restoring the default system master key does not take effect.
  • If a user inputs incorrect user passwords for multiple times, the system locks the current user and forcibly logs the user out.

Precautions

Users logging in using passwords or AAA authentication mode can use this command to restore the default system master key.

In the interactive process, users need to input Y on the terminal interface to proceed to the next step. If a user inputs N, the system stops the current operation and exits.

Example

# Restore the default system master key.

<HUAWEI> clear master-key
Warning: This operation will automatically save configurations. Are you sure you want to perform it? [Y/N]:y
Warning: This operation will change the current master key to the default master key.
Enter the user password: 
Info: Operating, please wait for a moment....
Info: Operation succeeded.

display master-key configuration

Function

The display master-key configuration command displays the configuration of the current system master key.

Format

display master-key configuration

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

To check whether the current system master key is a user-configured key or the default key, run the display master-key configuration command.

Example

# Display whether the system master key is a user-configured key or the default key.

<HUAWEI> display master-key configuration
Current master key: default
Table 16-103  Description of the display master-key command output

Item

Description

Current master key

Current system master key. The value can be one of the following:
  • default: default system master key
  • user-defined: user-configured master key

set master-key

Function

The set master-key command sets the system master key.

Format

set master-key

Parameters

None

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

In an actual network environment, the network and devices are provided and maintained by network providers, and the data belongs to tenants. To provide secure data transmission and storage on the network, ensure that keys are under complete control of the specific tenant and cannot be obtained by network providers or other tenants. To be specific, tenants need to have their own key management schemes. Tenants can manually modify the system master key based on actual requirements to enhance data security and reliability.

Implementation Procedure

After a user runs this command, the system will provide the user interactive guidance to restore the default system master key, and information entered is not displayed on the terminal interface.
NOTE:
During the interactive process, the system prompts the user to input a password. Note the following:
  • The password that a user needs to input is the current user password but not the current system master key. If the current system master key is input, the operation of configuring the master key does not take effect.
  • If a user inputs incorrect user passwords for multiple times, the system locks the current user and forcibly logs the user out.

After the master key is successfully changed, the system automatically saves the configuration.

Precautions

The master key value is a string of 20 to 32 characters and must be a combination of uppercase letters, lowercase letters, digits, and special characters.

Users logging in using passwords or AAA authentication mode can use this command to configure the system master key.

Note the following during the interactive process:
  • If the current system master key is not the default one, users need to input the current system master key for identity authentication before changing the master key.
  • After the system master key is input, users need to input Y on the terminal interface to proceed to the next step. If a user inputs N, the system stops the current operation and exits.
  • A user needs to input the new master key twice. The system proceeds to the next operation only when the two input master keys are identical.

If an error occurs during master key modification, the system prompts a message indicating a master key modification failure and instructs the user to retry it. If the failure persists, contact Huawei technical support personnel.

After the master key is modified, devices cannot share the configuration files. After a configuration file is copied from another device to the local device for next startup, if the master key on the source device is not the default master key and does not exist on the local device, the configuration fails. To resolve this problem, perform one of the following operations:
  • Change the master key on the device to be configured to be the same as that on the device that provides the configuration file.
  • Change the master key on the device that provides the configuration file to be the same as that on the device to be configured. After that, save and export the configuration file, upload it to the device to be configured, and specify the configuration file for next startup.
  • Specify the default master key as the master key on the device that provides the configuration file. After that, save and export the configuration file, upload it to the device to be configured, and specify the configuration file for next startup.
After the master key is changed and a configuration file is copied from another device to the local device for next startup, if the master key on the source device is not the default master key and does not exist on the local device, the local device cannot decrypt the copied file due to master key mismatch. To resolve this problem, perform one of the following operations:
  • Change the master key on the local device to be the same as that on the device that provides the encrypted file.
  • Change the master key on the device that provides the encrypted file to be the same as that on the local device. After that, export the encrypted file and upload it to the local device.
  • Specify the default master key as the master key on the device that provides the encrypted file. After that, export the encrypted file and upload it to the local device for decryption.

Example

# Modify the system master key that is the default master key.

<HUAWEI> set master-key
Warning: This operation will automatically save configurations. Are you sure you want to perform it? [Y/N]:y
Enter a new master key: 
Confirm the new master key: 
Warning: Keep the new master key well.
Enter the user password: 
Info: Operating, please wait for a moment.....
Info: Operation succeeded.
Translation
Download
Updated: 2019-03-21

Document ID: EDOC1000166501

Views: 51289

Downloads: 337

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next