No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


S12700 V200R013C00 Command Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
capwap dtls inter-controller psk

capwap dtls inter-controller psk


The capwap dtls inter-controller psk command configures a pre-shared key (PSK) for DTLS encryption of an inter-AC tunnel.

The undo capwap dtls inter-controller psk command restores the default PSK used for DTLS encryption.

The default PSK for DTLS encryption of an inter-AC tunnel is huawei_seccwp.


capwap dtls inter-controller psk psk-value

undo capwap dtls inter-controller psk






Specifies a PSK for DTLS encryption.

The value is string of characters. The PSK contains 48 or 68 characters in ciphertext, for example, %^%#u(Oz:BL,QKYZw%-JWC*P8aGC,="C&M'OI*Gmt.V(%^%#, or contains 6 to 32 characters in plaintext, for example, a1234567. The password must contain at least two types of the following: uppercase letters, lowercase letters, digits, and special characters.


System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After ACs establish a connection, they start a DTLS session. DTLS supports PSK encryption. When a PSK is used for DTLS encryption, you can use this command to change the value of the PSK on the AC.

Follow-up Procedure

Run the capwap dtls inter-controller control-link encrypt command to enable DTLS encryption for an inter-AC control tunnel.


If you modify the PSK after an inter-AC tunnel is set up, the modification takes effect at the next tunnel setup.

DTLS encryption must be enabled on ACs at both ends of the tunnel, and the ACs must have the same PSK.

It is recommended that you configure the same PSK on the ACs at both ends before enabling DTLS encryption. In this way, the ACs have the same PSK. If you enable DTLS encryption first, and the ACs have different PSKs, DTLS negotiation fails. As a result, the tunnel cannot be set up between the two ACs.


# Configure the PSK a1234567 for DTLS encryption of an inter-AC tunnel.

<HUAWEI> system-view
[HUAWEI] capwap dtls inter-controller psk a1234567
Updated: 2019-04-09

Document ID: EDOC1100065659

Views: 124873

Downloads: 88

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next