No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
security psk

security psk


The security psk command configures pre-shared key authentication and encryption for WPA and WPA2.

The undo security command restores the default security policy.

By default, the security policy is open system.


security { wpa | wpa2 | wpa-wpa2 } psk { pass-phrase | hex } key-value { aes | tkip | aes-tkip }

security wpa-wpa2 psk { pass-phrase | hex } key-value tkip aes

undo security






Configures WPA authentication.



Configures WPA2 authentication.



Configures WPA-WPA2 authentication. User terminals can be authenticated using WPA or WPA2.



Specifies the key phrase.



Specifies a hexadecimal number.

The password of hex does not have enough complexity, so pass-phrase is recommended.



Specifies a password in cipher text.

The value is of 8 to 63 ASCII characters in plain text, 64 hexadecimal characters in plain text, or 48 or 68 or 88 or 108 characters in cipher text.

The question mark (?) is supported, which you can enter by pressing Ctrl+T.

A password cannot contain the space and double quotation mark (") at the same time. When the password contains a space, add the double quotation mark (") to the beginning and end of the string when entering the password. For example, if the password is abc123 ABC, enter "abc123 ABC".

To improve security, you are advised to configure a password that contains at least two of the following: digits, lowercase letters, uppercase letters, and special characters.


Configures AES encryption.



Configures TKIP encryption.



Configures AES-TKIP encryption. After passing the authentication, user terminals can use the AES or TKIP algorithm for data encryption.



Security profile view

Default Level

2: Configuration level

Usage Guidelines

Application Scenario

WPA/WPA2 authentication includes WPA/WPA2 pre-shared key authentication and 802.1X authentication, which are also called WPA/WPA2 personal edition and WPA/WPA2 enterprise edition respectively. 802.1X authentication is of high security and is applicable to enterprise networks.

To access a WLAN device using WPA or WPA2 pre-shared key authentication, run the security psk command. If multiple types of user terminals are available, you can configure the WPA-WPA2 and AES-TKIP security policy for authentication and data encryption.

The security wpa-wpa2 psk { pass-phrase | hex } key-value tkip aes command indicates that WPA and WPA2 use TKIP and AES for data encryption, respectively.


If the key is in hexadecimal notation, you can enter hexadecimal characters without entering 0x.

If a security profile is bound to multiple VAP profiles, it will take a few minutes to configure WPA/WPA2 PSK authentication and encryption in the security profile.

The system displays the message only when the security profile has been bound to the other profiles.

If pre-shared key authentication and TKIP or AES-TKIP encryption for WPA/WPA2 is configured, the access of non-HT STAs fails to be denied.

If the password is changed to one starting or ending with a space on the device (for example, huawei123abc), some terminals (such as terminals running Windows 7) may filter out the space when you change the password on the terminals. This will lead to an association failure. Therefore, it is not recommended that a password starting or ending with a space be set on the device. If such a password has been configured on the device, delete the existing SSID on a terminal, reassociate the terminal with the SSID, and enter the password. For detailed terminal types, refer to the Test Report on Terminal Compatibility of Huawei's WLAN Products.


# Configure WPA pre-shared key authentication and the authentication key.

<Huawei> system-view
[Huawei] wlan
[Huawei-wlan-view] security-profile name p1
[Huawei-wlan-sec-prof-p1] security wpa psk pass-phrase abcdfffffg123 aes

# Configure WPA2 pre-shared key authentication and the authentication key.

<Huawei> system-view
[Huawei] wlan
[Huawei-wlan-view] security-profile name p1
[Huawei-wlan-sec-prof-p1] security wpa2 psk pass-phrase abcdfffffg123 aes
# Configure WPA-WPA2 pre-shared key authentication and TKIP-CCMP encryption.
<Huawei> system-view
[Huawei] wlan
[Huawei-wlan-view] security-profile name p1
[Huawei-wlan-sec-prof-p1] security wpa-wpa2 psk pass-phrase abcdfffffg123 aes-tkip
Warning:  If the wmm disable command, TKIP, WEP, or radio type of 802.11a/b/g is configured, the function of denying access of legacy STAs cannot take effect. 
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 249497

Downloads: 140

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Previous Next