Configure CWMP Authentication and Encryption Function
Configuration Condition
Before configuring the CWMP authentication and encryption function, first complete the following task:
- The basic configuration of the CWMP proxy is completed, including the CWMP proxy enabling configuration and the ACS information configuration of the CWMP proxy.
- When configuring the encryption function, prepare the certificate and it requires manual import.
Configure CWMP Authentication Function
When the ACS requires initiating the connection to the device, configure the CWMP proxy to authenticate the connection request sent from the ACS in terms of the security.
Table 10-11 Configure the CWMP authentication function
Step
|
Command
|
Description
|
Enter the global configuration mode
|
configure terminal
|
-
|
Enter the CWMP proxy configuration mode
|
cwmp agent
|
Mandatory
|
Enable the CWMP proxy
|
enable
|
Mandatory
By default, the CWMP proxy is disabled.
|
Configure the user name for the CPE authenticating the connection request from the ACS
|
connection request username user-name
|
Mandatory
By default, the user name is not configured.
|
Configure the password for the CPE authenticating the connection request from the ACS
|
connection request password password
|
Mandatory
By default, the password is not configured.
|
Configure CWMP PKI Trust Domain Name
Viewing from the security, when the device connects to the ACS through the HTTPS mode, you need to specify the KPI trust domain name of the CWMP proxy, so as to verify the validity of the ACS certificate.
Table 10-12 Configure the CWMP ACS certificate
Step
|
Command
|
Description
|
Enter the global configuration mode
|
configure terminal
|
-
|
Enter the CWMP proxy configuration mode
|
cwmp agent
|
Mandatory
|
Enable the CWMP proxy
|
enable
|
Mandatory
By default, the CWMP proxy is disabled.
|
Configure the KPI trust domain name of the CWMP proxy
|
secure-identity ca-name
|
Mandatory
By default, the CWMP proxy does not have the KPI trust domain name.
|