User's Manual
Configuring Networks with Clusters of Master Controllers
If your network includes multiple master controllers, each with its own hierarchy of APs and local controllers,
you can allow APs from one hierarchy to fail over to any other hierarchy by defining a cluster of master
controllers. Each cluster has one master controller as its cluster root, and all other master controllers as cluster
members. The master controller operating as the cluster root creates a self-signed certificate, then certifies its
own local controllers and APs. Next, the cluster root sends a certificate to each cluster member, which in turn
certifies its own local controllers and APs. Because all controllers and APs in the cluster have the same trust
anchor, the APs can switch to any other controller in the cluster and still remain securely connected to the
network.
Figure 7 A Cluster of Master Controllers using Control Plane Security
To create a controller cluster, you must first define the root master controller and set an IPsec key or select a
certificate for communications between the cluster root and cluster members.
You must use the command-line interface to configure certificate authentication for cluster members. The WebUI
supports cluster authentication using IPsec keys only. If your master and local controllers use a pre-shared key for
authentication, they create the IPsec tunnel using IKEv1. If your master and local controllers use certificates for
authentication, the IPsec tunnel is created using IKEv2.
Creating a Cluster Root
Use the WebUI to identify a controller as a cluster root, and use an IPsec key to secure communication
between the cluster root and cluster members. Use the command-line interface to create a cluster root using
an IPsec key, factory-installed certificate, or custom certificate.
To create a cluster root using the WebUI:
1. Access the WebUI of the controller you want to identify as the cluster root, and navigate to Configuration
> Controller.
2. Click the Cluster Setting tab.
3. For the cluster role, select Root.
4. In the Cluster Member IPsec Keys section, enter the controller IP address of a member controller in the
cluster. If you want to use a single key for all member controllers, use the IP address 0.0.0.0.
5. In the IPsec Key and Retype IPsec Key fields, enter the IPsec key for communication between the
specified member controller and the cluster root.
6. Click Add.
7. Optional: repeat steps 4-6 to add another member controller to the cluster.
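An added example, not taken from the guide: a Python audit that compares a cluster root's member key entries with an inventory of member controllers and reports which members rely on the single 0.0.0.0 key described in step 4. The line format `cluster-member-ip <ip> ipsec <key>`, the addresses, and the key strings are assumptions constructed for illustration; adjust the pattern to match your own configuration export.

```python
import ipaddress
import re

# Assumed line format for a cluster-root key entry; adjust to match your export.
ENTRY = re.compile(r"^\s*cluster-member-ip\s+(\S+)\s+ipsec\s+\S+\s*$")
WILDCARD = ipaddress.ip_address("0.0.0.0")


def parse_member_entries(config_text):
    """Return (explicit member IPs, wildcard_present) from cluster-root config text."""
    explicit, wildcard = set(), False
    for line in config_text.splitlines():
        match = ENTRY.match(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # malformed address: not a usable entry
        if addr == WILDCARD:
            wildcard = True
        else:
            explicit.add(addr)
    return explicit, wildcard


def audit_members(config_text, expected_members):
    """Map each expected member controller IP to how its IPsec key is covered."""
    explicit, wildcard = parse_member_entries(config_text)
    expected = {ipaddress.ip_address(ip) for ip in expected_members}
    report = {}
    for ip in expected_members:
        if ipaddress.ip_address(ip) in explicit:
            report[ip] = "per-member key"
        elif wildcard:
            report[ip] = "shared 0.0.0.0 key"
        else:
            report[ip] = "no key configured"
    # Entries for controllers that are not in the inventory deserve a look too.
    unexpected = sorted(str(addr) for addr in explicit - expected)
    return report, unexpected


# Constructed sample: documentation-range addresses and placeholder keys.
SAMPLE_CONFIG = """\
cluster-member-ip 192.0.2.10 ipsec EXAMPLE-KEY-A
cluster-member-ip 0.0.0.0 ipsec EXAMPLE-KEY-SHARED
cluster-member-ip 192.0.2.99 ipsec EXAMPLE-KEY-B
"""
INVENTORY = ["192.0.2.10", "192.0.2.20"]
```

Calling `audit_members(SAMPLE_CONFIG, INVENTORY)` returns the per-member report and the list of configured entries that are missing from the inventory.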
Dell Networking W-Series ArubaOS 6.4.x | User Guide Control Plane Security | 121