Users Guide

Replacing a Redundant Cluster Root Controller
Best practice is to use a backup controller with your cluster root controller. If your cluster root has a backup
controller, you can replace the backup cluster root without having to reboot all cluster master and local
controllers, minimizing network disruptions.
The control plane security feature requires you to synchronize databases from the primary controller to the
backup controller at least once after the network is up and running. This ensures that all certificates, keys, and
whitelist entries are synchronized to the backup controller. Because the AP whitelist may change periodically,
you should regularly synchronize these settings to the backup controller. For details, see Configuring Networks
with a Backup Master Controller on page 135.
When you install a new backup cluster root, you must add it as a lower priority controller than the existing
primary controller. After you install the backup cluster root on the network, resynchronize the database from
the existing primary controller to the new backup controller to ensure that all certificates, keys, and whitelist
entries required for control plane security are added to the new backup controller configuration. If you want
the new controller to act as the primary controller, you can increase that controller’s priority after the settings
have been resynchronized.
Configuring Control Plane Security after Upgrading
When you initially deploy a controller running ArubaOS 6.0 or later, create your initial control plane security
configuration using the initial setup wizard. However, if you are upgrading to ArubaOS 6.0 or if you are
upgrading from ArubaOS 5.0 but did not yet have control plane security enabled before the upgrade, then you
can use the strategies described in Table 26 to enable and configure the control plane security feature.
If you upgrade a controller running ArubaOS 5.0.x to ArubaOS 6.0 or later, then the controller’s control plane security
settings do not change after the upgrade. If control plane security was already enabled, then it remains enabled after
the upgrade. If it was not enabled previously, but you want to use the feature after upgrading, then you must
manually enable it.
Dell Networking W-Series ArubaOS 6.4.x | User Guide Control Plane Security | 142