Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-3200
131132133134135136137138139140
own local controllers and APs. Next, the cluster root sends a certificate to each cluster member, which in turn
certifies its own local controllers and APs. Because all controllers and APs in the cluster have the same trust
anchor, the APs can switch to any other controller in the cluster and still remain securely connected to the
network.
Figure 7 A Cluster of Master Controllers using Control Plane Security
To create a controller cluster, you must first define the root master controller and set an IPsec key or select a
certificate for communications between the cluster root and cluster members.
You must use the command-line interface to configure certificate authentication for cluster members. The WebUI
supports cluster authentication using IPsec keys only. If your master and local controllers use a pre-shared key for
authentication, they create the IPsec tunnel using IKEv1. If your master and local controllers use certificates for
authentication, the IPsec tunnel is created using IKEv2.
Creating a Cluster Root
Use the WebUI to identify a controller as a cluster root, and use an IPsec key to secure communication
between the cluster root and cluster members. Use the command-line interface to create a cluster root using
an IPsec key, factory-installed certificate, or custom certificate.
In the WebUI
To create a cluster root:
1. Access the WebUI of the controller you want to identify as the cluster root, and navigate to Configuration
> Controller.
2. Click the Cluster Setting tab.
3. For the cluster role, select Root.
4. In the Cluster Member IPsec Keys section, enter the controller IP address of a member controller in the
cluster. If you want to use a single key for all member controllers, use the IP address 0.0.0.0.
5. In the IPsec Key and Retype IPsec Key fields, enter the IPsec key for communication between the
specified member controller and the cluster root.
6. Click Add.
7. Optional: repeat steps 4-6 to add another member controller to the cluster.
8. Click Apply.
Dell Networking W-Series ArubaOS 6.4.x | User Guide Control Plane Security | 136