Users Guide

137 | Control Plane Security Dell Networking W-Series ArubaOS 6.4.x| User Guide
In the CLI
To create a cluster root, access the command-line interface of the controller you want to identify as the root of
the controller cluster, then issue one of the following commands:
• To authenticate cluster members using a custom certificate:
(host)(config) #cluster-member-custom-cert member-mac <mac> ca-cert <ca> server-cert <cert> [suite-b <gcm-128|gcm-256>]
• To authenticate cluster members using a factory-installed certificate:
(host)(config) #cluster-member-factory-cert member-mac <mac>
• To authenticate cluster members using an IPsec key:
(host)(config) #cluster-member-ip <ip-address> ipsec <key>
The <ip-address> parameter in this command is the IP address of a member controller in the cluster, and the <key>
parameter in each command is the IPsec key for communication between the specified member controller and the
cluster root. Use the IP address 0.0.0.0 in this command to set a single IPsec key for all member controllers, or
repeat this command as desired to define a different IPsec key for each cluster member.
Creating a Cluster Member
Once you have identified the cluster root, you must then identify the member controllers in the cluster.
Use the WebUI to identify a controller as a cluster member, and use an IPsec key to secure communication
between the cluster member and the cluster root. Use the command-line interface to create a cluster member
and secure communications between that member and the cluster root using an IPsec key, factory-installed
certificate, or custom certificate.
In the WebUI
To create a cluster member:
1. Access the WebUI of the cluster member controller, and navigate to Configuration > Controller.
2. Click the Cluster Setting tab.
3. For the cluster role, select Member.
4. In the Controller IP Address field, enter the IP address of the root controller in the cluster.
5. In the IPsec Key and Retype IPsec Key fields, enter the IPsec key for communication between the
specified member controller and the cluster root. This parameter must have the same value as the key
defined for the cluster member in Creating a Cluster Root on page 136.
6. Click Add.
7. Click Apply.
In the CLI
To create a cluster member via the CLI, access each of the member master controllers and define the IPsec key or
certificate for communication between that controller and the cluster root.
(host)(config) #cluster-root-ip <ip-address>
   ipsec <key>
   ipsec-custom-cert root-mac-1 <root-mac-address-1> [master-mac2 <mac2>] ca-cert <ca> server-cert <cert> [suite-b <gcm-128 | gcm-256>]
   ipsec-factory-cert root-mac-1 <root-mac-address-1> root-mac-2 <root-mac-address-2>
In this command the <ip-address> parameter is the IP address of the root master controller in the cluster. If
you are using an IPsec key, the <key> parameter in this command must have the same value as the key
defined for the cluster member via the cluster-member-ip command.
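The key-matching requirement between cluster-member-ip on the root and cluster-root-ip on each member can be checked before a change is applied. The following Python script is an added example, not part of this guide or of ArubaOS; the IP addresses and keys are constructed sample values, and the rule that a per-member entry on the root takes precedence over the 0.0.0.0 entry is an assumption.

```python
import hmac
import re

# Constructed sample input (not from the guide): planned commands for one
# cluster root and the two member controllers that point at it.
ROOT_CONFIG = """\
cluster-member-ip 0.0.0.0 ipsec SharedKey-Example1
cluster-member-ip 10.1.1.20 ipsec PerMember-Example2
"""
MEMBER_CONFIGS = {
    "10.1.1.20": "cluster-root-ip 10.1.1.1 ipsec PerMember-Example2\n",
    "10.1.1.30": "cluster-root-ip 10.1.1.1 ipsec WrongKey-Example3\n",
}

MEMBER_RE = re.compile(r"^\s*cluster-member-ip\s+(\S+)\s+ipsec\s+(\S+)\s*$", re.M)
ROOT_RE = re.compile(r"^\s*cluster-root-ip\s+(\S+)\s+ipsec\s+(\S+)\s*$", re.M)


def root_keys(root_config):
    """Map member IP (or 0.0.0.0 for all members) to the key set on the root."""
    return dict(MEMBER_RE.findall(root_config))


def audit(root_ip, root_config, member_configs):
    """Return {member_ip: status} for each member's cluster-root-ip line."""
    keys = root_keys(root_config)
    results = {}
    for member_ip, config in member_configs.items():
        match = ROOT_RE.search(config)
        # Assumption: a per-member entry on the root wins over 0.0.0.0.
        expected = keys.get(member_ip, keys.get("0.0.0.0"))
        if match is None:
            results[member_ip] = "no cluster-root-ip ... ipsec line"
        elif match.group(1) != root_ip:
            results[member_ip] = "points at wrong root " + match.group(1)
        elif expected is None:
            results[member_ip] = "root has no key for this member"
        elif not hmac.compare_digest(match.group(2).encode(), expected.encode()):
            results[member_ip] = "key mismatch"
        else:
            results[member_ip] = "ok"
    return results


if __name__ == "__main__":
    for ip, status in audit("10.1.1.1", ROOT_CONFIG, MEMBER_CONFIGS).items():
        print(ip, status)
```

In the sample, 10.1.1.30 has no entry of its own on the root, so it is compared against the 0.0.0.0 key and reported as a mismatch.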
Viewing Controller Cluster Setting
You can view the controller cluster configuration using the WebUI or CLI.