API Guide
iii. Configure the logical switch instance, of-switch-1.
OS10# configure terminal
OS10 (config)# openflow
OS10 (config-openflow)# switch of-switch-1
4. Configure one or more OpenFlow controllers with either IPv4 or IPv6 addresses to establish a connection with the logical
switch instance. You can configure up to eight OpenFlow controllers.
OS10 (config-openflow-switch)# controller ipv4 ip-address port port-id
OS10 (config-openflow-switch)# controller ipv6 ipv6-address port port-id
OS10 (config-openflow-switch)# controller ipv4 10.1.1.1 port 6633
OS10 (config-openflow-switch)# controller ipv4 10.1.1.8 port 6633
OS10 (config-openflow-switch)# controller ipv4 10.1.1.12 port 6633
OS10 (config-openflow-switch)# controller ipv4 10.1.2.17 port 6633
OS10 (config-openflow-switch)# controller ipv4 10.1.23.12 port 6633
OS10 (config-openflow-switch)# controller ipv4 10.1.99.121 port 6633
OS10 (config-openflow-switch)# controller ipv6 2025::1 port 6633
OS10 (config-openflow-switch)# controller ipv6 2025::12 port 6633
where IP or IPv6 address is of the controller and port 6633 is for OpenFlow communication.
5. Enter the no shutdown command to enable the logical switch instance.
OS10 (config-openflow-switch) no shutdown
Establish TLS connection
● Generate the switch and controller certificates from a server that supports public-key infrastructure (PKI). You need the
following certificates:
○ Controller certificate
○ Switch certificate
○ Private key file to verify the switch certificate
● The certificates and private key files must be in the Privacy-Enhanced Mail (PEM) format.
For certificate-based authentication, you must establish a TLS connection between the switch and the controller before you
configure OpenFlow on the switch. The following procedure explains how to install the controller and switch certificates on the
OS10 switch. Refer to the controller documentation for information on how to install the certificates on the controller.
NOTE:
This procedure is optional. Use this procedure if you want to configure certificate-based authentication between the
switch and the controller.
1. Log in to the OS10 switch with administrator credentials.
2. Enter the following command to copy the certificates to the OS10 switch.
In the following commands, the destination path and the destination file name on the OS10 switch, for example,
config://../openflow/cacert.pem, remain the same in your deployment. Ensure that you enter the destination path
and destination file names as specified in the following example:
OS10# copy scp://username:password@server-ip/full-path-to-the-certificates/controller-
cert.pem config://../openflow/cacert.pem
OS10# copy scp://username:password@server-ip/full-path-to-the-certificates/switch-
cert.pem config://../openflow/sc-cert.pem
OS10# copy scp://username:password@server-ip/full-path-to-the-certificates/switch-
privkey.pem config://../openflow/sc-privkey.pem
where server-ip refers to the server where you have stored the certificates, and username and password refers to the
credentials you need to access the server with the certificates.
3. Perform the steps described in the Configure OpenFlow protocol on the switch topic to configure OpenFlow.
1100
OpenFlow