No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Network Management and Monitoring

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R009

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring CWMP Authentication

Configuring CWMP Authentication

Context

CWMP uses security mechanisms to protect communication between a CPE and an ACS. The security mechanisms prevent the transactions between the CPE and the ACS from being tampered and ensure confidentiality of the transactions.

The CWMP supports the following authentication mechanisms:
  • CPE and ACS authentication

  • SSL authentication

    When the ACS URL is in the HTTPS format, the CPE and ACS must authenticate each other, and the SSL connection is set up only after the CPE and ACS are authenticated. It ensures the confidentiality of communication between the ACS and the CPE and data integrity.

    When a CPE needs to use an SSL policy to authenticate ACS, configure client SSL authentication. When an ACS needs to set up an HTTPS connection, configure a server SSL policy.

Procedure

  • Configure CPE and ACS authentication.
    1. Run system-view

      The system view is displayed.

    2. Run cwmp

      The CWMP view is displayed.

    3. Configure ACS authentication.

      1. Run cwmp acs username username

        The user name used to connect the CPE to the ACS is configured.

      2. Run cwmp acs password cipher

        The password used to connect the CPE to the ACS is configured.

    4. Configure CPE authentication.

      1. Run cwmp cpe username username

        The user name used to connect the ACS to the CPE is configured.

      2. Run cwmp cpe password cipher

        The password used to connect the ACS to the CPE is configured.

  • Configure SSL authentication.
    1. Run system-view

      The system view is displayed.

    2. Run cwmp

      The CWMP view is displayed.

    3. Run cwmp ssl-client { client-root-cert rootcert-path1 [ rootcert-path2 ] | ssl-policy policy-name }

      The CPE is configured to validate the certificate from the ACS.

      NOTE:
      • The system time must be correctly set; otherwise, certificate validation may fail. To use a new certificate, uninstall the existing certificate first.
      • Before configuring a CPE to authenticate the ACS using an SSL policy, run the ssl policy policy-name type client command to configure the SSL policy on the CPE.

  • Bind the server SSL.
    1. Run system-view

      The system view is displayed.

    2. Run cwmp

      The CWMP view is displayed.

    3. Run cwmp ssl-server ssl-policy policy-name

      An SSL policy is bound to CWMP.

      NOTE:

      When an ACS needs to set up an HTTPS connection, run the cwmp ssl-server ssl-policy policy-name command to configure a server SSL policy.

Translation
Download
Updated: 2019-05-17

Document ID: EDOC1000174072

Views: 101942

Downloads: 337

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next