Release Notes

ManualsBrandsDell ManualsTVs & monitorsW-620

551

552

553

554

555

556

557

558

559

560

master-redundancy peer-ip

master-redundancy peer-ip <ipaddr>

ipsec <key>

ipsec-custom-cert master-mac <mac> ca-cert <ca> server-cert <cert> [suite-b gcm-128|gcm-

256]

ipsec-factory-cert master-mac <mac>

Description

This command configures the IP address and preshared key or certificate for a redundant master controller on

another master controller.

Syntax

Parameter Description

IP address of the redundant controller. Use the 0.0.0.0 address to configure a

global preshared key for all inter-controller communications.

ipsec <key>

To establish the master-master IPsec tunnel using IKEv1, enter a preshared key

between 6-64 characters.

ipsec-custom-cert

Use a custom-installed certificate on the controller to establish the master-

master IPsec tunnel using IKEv2

master-mac <mac>

The MAC address of the certificate on the redundant master controller.

ca-cert <ca>

User-defined name of a trusted CA certificate installed on the redundant master

controller. Use the show crypto-local pki TrustedCA command to display the

CA certificates that have been imported into the controller.

server-cert <cert>

User-defined name of a server certificate installed on on the redundant master

controller. Use the show crypto-local pki ServerCert command to display the

server certificates that have been imported into the controller.

suite-b

If you configure your master controllers to use IKEv2 and custom-installed

certificates, you can optionally use Suite-B cryptographic algorithms for IPsec

encryption. Specify one of the following options:

l gcm-128 Use 128-bit AES-GCM Suite-B encryption

l gcm-256 Use 256-bit AES-GCM Suite-B encryption

ipsec-factory-cert

Use the factory-installed certificate on the master controller to establish a

master-local IPsec tunnel using IKEv2.

master-mac <mac>

The MAC address of the certificate on the redundant master controller.

Usage Guidelines

Use this command on a master controller to configure the IP address and preshared key or certificates for

communication with a redundant master controller.

If your master controllers use a pre-shared key for authentication, they will create the IPsec tunnel using IKEv1.

If your master and local controllers use certificates for authentication, the IPsec tunnel will be created using

IKEv2.

Dell Networking W-Series ArubaOS 6.4.x | Reference Guide master-redundancy peer-ip | 556