CLI Reference Guide

438 | master-redundancy peer-ip Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide
master-redundancy peer-ip
master-redundancy peer-ip <ipaddr>
ipsec <key>
ipsec-custom-cert master-mac <mac> ca-cert <ca> server-cert <cert> [suite-b gcm-128|gcm-
256]
ipsec-factory-cert master-mac <mac>
Description
This command configures the IP address and preshared key or certificate for a redundant master controller on
another master controller.
Syntax
Parameter Description
<ipaddr>
IP address of the redundant controller. Use the 0.0.0.0 address to configure a global
preshared key for all inter-controller communications.
ipsec <key>
To establish the master-master IPsec tunnel using IKEv1, enter a preshared key between 6-
64 characters.
ipsec-custom-cert
Use a custom-installed certificate on the controller to establish the master-master IPsec
tunnel using IKEv2
master-mac <mac>
The MAC address of the certificate on the redundant master controller.
ca-cert <ca>
User-defined name of a trusted CA certificate installed on the redundant master controller.
Use the show crypto-local pki TrustedCA command to display the CA certificates that have
been imported into the controller.
server-cert
<cert>
User-defined name of a server certificate installed on on the redundant master controller.
Use the show crypto-local pki ServerCert command to display the server certificates that
have been imported into the controller.
suite-b
If you configure your master controllers to use IKEv2 and custom-installed certificates, you
can optionally use Suite-B cryptographic algorithms for IPsec encryption. Specify one of the
following options:
l gcm-128 Use 128-bit AES-GCM Suite-B encryption
l gcm-256 Use 256-bit AES-GCM Suite-B encryption
ipsec-factory-cert
Use the factory-installed certificate on the master controller to establish a master-local
IPsec tunnel using IKEv2.
master-mac <mac>
The MAC address of the certificate on the redundant master controller.
Usage Guidelines
Use this command on a master controller to configure the IP address and preshared key or certificates for
communication with a redundant master controller.
If your master controllers use a pre-shared key for authentication, they will create the IPsec tunnel using IKEv1. If
your master and local controllers use certificates for authentication, the IPsec tunnel will be created using IKEv2.