No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Configuration Guide - Device Management

S1720, S2700, S5700, and S6720 V200R011C10

This document describes the principles and configurations of the Device Management features, and provides configuration examples of these features.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a Root Key

Configuring a Root Key


The hierarchical key management mechanism consists of three layers of keys, root key, key encryption key and working key. The lower-layer key provides encryption protection for the upper-layer key. The root key is located at the bottom of the key management infrastructure to protect confidentiality of upper-layer keys (such as key encryption key). Therefore, a root key is important to data security. A switch's root key is often stored in the system. If attackers illegally obtain the root key, encrypted data will become insecure. To improve data security and prevent attackers from obtaining encrypted packets, configure another root key on the switch.

  • The root key can only be configured when the switch has no service configuration. If service configuration has been performed on the switch, an error message will be displayed when you configure the root key.

  • If you configure a password (not the administrator password) and key after configuring the root key, the password and key configuration will not be restored after the switch software version is changed to V200R009 or an earlier version.

  • After the root key is configured, the configuration file of the switch cannot be exported and used on other devices.


  1. Run set root-key

    A root key is configured for the switch.

    By default, a switch uses the system default root key.

Verifying the Configuration

Run the display root-key configuration command to check information about the currently used root key.

Updated: 2019-09-23

Document ID: EDOC1000178167

Views: 206193

Downloads: 989

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next