No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


S12700 V200R013C00 Command Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
capwap dtls psk

capwap dtls psk


The capwap dtls psk command configures a pre-shared key used for DTLS encryption.

The undo capwap dtls psk command restores the default pre-shared key used for DTLS encryption.

By default, the pre-shared key used for DTLS encryption is huawei_seccwp.


capwap dtls psk psk-value

undo capwap dtls psk






Specifies the pre-shared key used for DTLS encryption.

The value is string of characters. The pre-shared key contains 48 or 68 characters in cipher text, for example, %^%#u(Oz:BL,QKYZw%-JWC*P8aGC,="C&M'OI*Gmt.V(%^%#, or contains 6 to 32 characters in plain text, for example, a1234567. The password must contain at least two types of the following: uppercase letters, lowercase letters, digits, and special characters except the question mark (?) and space.


System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

During CAPWAP tunnel establishment, an AP establishes a DTLS session with an AC. If DTLS encryption has been enabled for CAPWAP control, sent management packets will be encrypted using DTLS. When a pre-shared key is used for DTLS encryption, you can use the capwap dtls psk command to change the pre-shared key.
It is recommended that you change the pre-shared key in a timely manner to ensure device security.

Follow-up Procedure

Run the capwap dtls control-link encrypt command to enable CAPWAP control tunnel encapsulation using DTLS.


After the capwap dtls psk command configuration is complete, the new pre-shared key will be automatically synchronized to the online APs that are working properly, but the previous pre-shared key still takes effect. The new pre-shared key takes effect after these APs go online again.


# Configure the pre-shared key for DTLS encryption as z0020011@11.

<HUAWEI> system-view
[HUAWEI] capwap dtls psk z0020011@11
Updated: 2019-04-09

Document ID: EDOC1100065659

Views: 116900

Downloads: 83

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next