Concept Guide
cluster-root-ip
cluster-root-ip <ip-address>
ipsec <key>
ipsec-custom-cert root-mac1 <mac1> [root-mac2 <mac2>] ca-cert <ca> server-cert <cert>
[suite-b <gcm-128 | gcm-256>]
ipsec-factory-cert root-mac-1 <mac> [root-mac-1 <mac>]
Description
This command sets the controller as a control plane security cluster member, and defines the IPsec key or
certificate for secure communication between the cluster member and the controller’s cluster root.
Syntax
Parameter Description
<ip-address>
The IP address of control plane security cluster root controller. To set a single
IPsec key for all member controllers in the cluster use the IP address 0.0.0.0.
ipsec <key>
Set the value of the IPsec pre-shared key for communication with the cluster
root. This parameter must be have the same value as the IPsec key defined for
the cluster member via the cluster-member-ip command.
ipsec-factory-cert
Use a factory-installed certificate for secure communication between the
cluster root and the specified cluster member by specifying the MAC address
of the certificate.
root-mac-1 <mac>
Specify MAC address of the cluster root.
root-mac-2 <mac>
Specify MAC address of the redundant cluster Root.
ipsec-custom-cert
Use a custom user-installed certificate for secure communication between the
cluster root and the specified cluster member.
root-mac-1 <mac>
Specify the MAC address of the cluster-root’s certificate.
root-mac-2 <mac>
(Optional) If your network has multiple master controllers, use this parameter
to specify he MAC address of the redundant cluster-root’s certificate.
ca-cert <ca>
Name of the CA certificate uploaded via the WebUI
server-cert <cert>
Name of the server certificate uploaded via the WebUI.
suite-b
To use Suite-B encryption in the secure communication between the cluster
root and cluster member, specify one of the following Suite-B algorithms
l gcm-128: Encryption using 128-bit AES-GCM
l gcm-256: Encryption using 256-but AES-GCM
Dell Networking W-Series ArubaOS 6.5.x | Reference Guide cluster-root-ip | 286