No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R013C00 Command Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
capwap message-integrity psk

capwap message-integrity psk

Function

The capwap message-integrity psk command configures a pre-shared key (PSK) for checking integrity of CAPWAP packets.

The undo capwap message-integrity psk command restores the default PSK for checking integrity of CAPWAP packets.

The default PSK for checking integrity of CAPWAP packets is huawei_seccwp.

Format

capwap message-integrity psk psk-value

undo capwap message-integrity psk

Parameters

Parameter

Description

Value

psk-value

Specifies the PSK for checking integrity of CAPWAP packets.

The value can be a string of 48 or 68 characters in cipher text (for example, %^%#u(Oz:BL,QKYZw%-JWC*P8aGC,="C&M'OI*Gmt.V(%^%#) or a string of 6 to 32 characters in plain text (for example, a1234567). The key must contain at least two of the following: uppercase letters, lowercase letters, digits, and special characters except the question mark (?) and space.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

CAPWAP packets are transmitted between the AC and APs. To prevent the packets from being forged or tampered with and prevent malformed packet attacks, you can configure integrity check of of CAPWAP packets. When a PSK is used to check integrity of CAPWAP packets, you can run this command on the AC to configure a PSK.

NOTE:
It is recommended that you change the pre-shared key in a timely manner to ensure device security.

Follow-up Procedure

Run the undo capwap message-integrity check disable command to enable integrity check of CAPWAP packets.

Configuration Impact

After this configuration is complete, all online APs on the AC go offline.

Example

# Set the PSK for checking integrity of CAPWAP packets to z0020011@11.

<HUAWEI> system-view
[HUAWEI] capwap message-integrity psk z0020011@11
Warning: In a backup scenario, the PSK and status of CAPWAP message integrity check must be the same between the master and backup e
nds. This operation may cause devices using CAPWAP connections to reset or go offline. Continue? [Y/N]:y
Translation
Download
Updated: 2019-04-09

Document ID: EDOC1100065659

Views: 127313

Downloads: 88

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next