Configuration Guide - Security

CloudEngine 8800, 7800, 6800, and 5800 V200R005C10

This document describes the Security configurations, including ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, separating the management plane from the service plane, and security risks.
Setting the System Master Key

This section describes how to set the system master key to improve data security and reliability.

Context

In an actual network environment, the network and devices are provided and maintained by network providers, while the data belongs to tenants. To provide secure data transmission and storage on the network, ensure that keys are under the complete control of the specific user and cannot be obtained by network providers or other tenants. That is, users need to have their own key management schemes.

Users can manually modify the system master key based on actual requirements to enhance data security and reliability.

Procedure

Run the set master-key command in the user view to set the system master key.

NOTE:

If you forget the system master key, run the clear master-key command to restore the default system master key.

Note the following during the interactive process:
  • If the current system master key is not the default one, users need to input the current system master key for identity authentication before changing the master key.
  • After the system master key is input, users need to input Y on the terminal interface to proceed to the next step. If a user inputs N, the system stops the current operation and exits.
  • A user needs to input the new master key twice. The system proceeds to the next operation only when the two input master keys are identical.

If an error occurs during master key modification, the system displays a message indicating that the master key modification failed and instructs the user to retry. If the failure persists, contact Huawei technical support personnel.

After the master key is modified, devices cannot share the configuration files. After a configuration file is copied from another device to the local device for next startup, if the master key on the source device is not the default master key and does not exist on the local device, the configuration fails. To resolve this problem, perform one of the following operations:
  • Change the master key on the device to be configured to be the same as that on the device that provides the configuration file.
  • Change the master key on the device that provides the configuration file to be the same as that on the device to be configured. After that, save and export the configuration file, upload it to the device to be configured, and specify the configuration file for next startup.
  • Specify the default master key as the master key on the device that provides the configuration file. After that, save and export the configuration file, upload it to the device to be configured, and specify the configuration file for next startup.

After the master key is changed and a configuration file is copied from another device to the local device for next startup, if the master key on the source device is not the default master key and does not exist on the local device, the local device cannot decrypt the copied file due to master key mismatch. To resolve this problem, perform one of the following operations:
  • Change the master key on the local device to be the same as that on the device that provides the encrypted file.
  • Change the master key on the device that provides the encrypted file to be the same as that on the local device. Then, export the encrypted file and upload it to the local device.
  • Specify the default master key as the master key on the device that provides the encrypted file. Then, export the encrypted file and upload it to the local device for decryption.

Verifying the Configuration

When the preceding configuration is complete, you can run the following command to check the configurations.

Run the display master-key configuration command to check whether the current system master key is the default or user-defined one.

Updated: 2019-04-20

Document ID: EDOC1100074765
