User Guide

Replacing a Redundant Master Controller
The control plane security feature requires you to synchronize databases from the primary master controller to
the backup master controller at least once after the network is up and running. This ensures that all certificates,
keys, and whitelist entries are synchronized to the backup controller. Because the AP whitelist may change
periodically, you should regularly synchronize these settings to the backup controller. For details, see
Configuring Networks with a Backup Master Controller on page 135.
When you install a new backup master controller, you must add it as a lower priority controller than the existing
primary controller. After you install the backup controller on the network, synchronize the database from the
existing primary controller to the new backup controller to ensure that all certificates, keys, and whitelist
entries required for control plane security are added to the new backup controller configuration. If you want
the new controller to act as the primary controller, you can increase that controller’s priority after the settings
have been synchronized.
Replacing Controllers in a Multi-Master Network
Use the following procedures to replace a master or local controller in a network environment with multiple
master controllers.
Replacing a Local Controller in a Multi-Master Network
The procedure to replace a local controller in a network with multiple master controllers is the same as the
procedure to replace a local controller in a single-master network. To replace a local controller in a multi-master
network, follow the procedure described in Replacing a Local Controller on page 138.
Replacing a Cluster Member Controller with no Backup
The control plane security feature allows APs to fail over from one controller to another within a cluster.
Therefore, cluster members or their local controllers may have associated APs that were first certified under
some other cluster member (or the cluster root). If you permanently remove a cluster member whose APs were
all originally certified under the cluster member being removed, its associated APs do not need to reboot in
order to connect to a different controller. If, however, you remove a cluster member whose associated APs
were originally certified under a different cluster member, those APs need to reboot and be re-certified before
they can connect to a different controller. If the cluster member you are removing has local controllers, the
local controllers also reboot so they can be updated with new certificates, then pass the trust update to their
terminating APs.
To replace a cluster member that does not have a backup controller:
1. On the cluster master to be removed, clear the cluster root IP address by accessing the command-line
interface and issuing the no cluster-root-ip <cluster-root-ip> ipsec <clusterkey> command.
2. Remove the cluster member from the network.
3. If the cluster master you removed has any associated APs, you must reboot those APs so they receive an
updated certificate.
4. If the cluster member you removed has any associated local controllers, reboot those local controllers so
they receive a new certificate and then pass that trust update to their APs.
5. Remove the cluster master from the cluster root’s master controller list by accessing the command-line
interface on the cluster root and issuing the whitelist-db cpsec-master-switch-list del mac-address
<cluster-master-mac> command.
This step is very important. Unused local controller entries in the local controller whitelist can significantly
increase network traffic and reduce controller memory resources.
Dell Networking W-Series ArubaOS 6.4.x | User Guide Control Plane Security | 140