CLI Reference Guide

ManualsBrandsDell ManualsComputer equipmentPowerConnect W-6000

431

432

433

434

435

436

437

438

439

440

436 | masterip Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide

masterip

masterip <ipaddr>

ipsec <key> [interface uplink|{vlan <id>}] [fqdn <fqdn>]

ipsec-custom-cert master-mac1 <mac1> [master-mac2 <mac2>] ca-cert <ca> server-cert <cert>

[interface uplink|{vlan <id>}] [fqdn <fqdn>] [suite-b gcm-128|gcm-256]

ipsec-factory-cert master-mac1 <mac1> [master-mac2 <mac2>] [interface uplink|{vlan <id>}]

[fqdn <fqdn>]

Description

This command configures the IP address and preshared key or certificate for the master controller on a local

controller.

Syntax

Parameter

Description

IP address of the master controller.

ipsec <key>

To establish the master-local IPsec tunnel using IKEv1, enter a preshared key between 6-

64 characters.

ipsec-custom-cert

Use a custom-installed certificate on the master controller to establish a master-local

IPsec tunnel using IKEv2.

master-mac1 <mac1>

The MAC address of the certificate on the Master.

master-mac2 <mac2>

(Optional) the MAC address of the certificate on the backup master controller.

ca-cert <ca>

User-defined name of a trusted CA certificate installed on the master controller. Use the

show crypto-local pki TrustedCA command to display the CA certificates that have been

imported into the controller.

server-cert <cert>

User-defined name of a server certificate installed on the master controller. Use the

show crypto-local pki ServerCert command to display the server certificates that have

been imported into the controller.

interface

Specify the uplink or VLAN interface on the master controller to initiate IKE.

uplink

Use the master controller’s current active uplink to initiate IKE.

vlan <id>

Specify a VLAN interface on the master controller to initiate IKE. If you do not specify a

VLAN, the controller IP will be used.

fqdn <fqdn>

Identify a dynamically addressed local controller by entering the Fully Qualified Domain

Name (FQDN) of the controller.

suite-b

If you configure your master and local controllers to use IKEv2 and custom-installed

certificates, you can optionally use Suite-B cryptographic algorithms for IPsec

encryption. Specify one of the following options:

l gcm-128 Use 128-bit AES-GCM Suite-B encryption

l gcm-256 Use 256-bit AES-GCM Suite-B encryption

ipsec-factory-cert

Use the factory-installed certificate on the master controller to establish a master-local