Release Notes
257 | cluster-root-ip Dell Networking W-Series ArubaOS 6.4.x| Reference Guide
cluster-root-ip
cluster-root-ip <ip-address>
ipsec <key>
ipsec-custom-cert root-mac1 <mac1> [root-mac2 <mac2>] ca-cert <ca> server-cert <cert>
[suite-b <gcm-128 | gcm-256>]
ipsec-factory-cert root-mac-1 <mac> [root-mac-2 <mac>]
Description
This command sets the controller as a control plane security cluster member, and defines the IPsec key or
certificate for secure communication between the cluster member and the controller’s cluster root.
Syntax
Parameter Description
<ip-address>
The IP address of the control plane security cluster root controller. To set a single
IPsec key for all member controllers in the cluster, use the IP address 0.0.0.0.
ipsec <key>
Set the value of the IPsec pre-shared key for communication with the cluster
root. This parameter must have the same value as the IPsec key defined for
the cluster member via the cluster-member-ip command.
ipsec-factory-cert
Use a factory-installed certificate for secure communication between the
cluster root and the specified cluster member by specifying the MAC address of
the certificate.
root-mac-1 <mac>
Specify the MAC address of the cluster root.
root-mac-2 <mac>
Specify the MAC address of the redundant cluster root.
ipsec-custom-cert
Use a custom user-installed certificate for secure communication between the
cluster root and the specified cluster member.
root-mac-1 <mac>
Specify the MAC address of the cluster-root’s certificate.
root-mac-2 <mac>
(Optional) If your network has multiple master controllers, use this parameter to
specify the MAC address of the redundant cluster-root’s certificate.
ca-cert <ca>
Name of the CA certificate uploaded via the WebUI.
server-cert <cert>
Name of the server certificate uploaded via the WebUI.
suite-b
To use Suite-B encryption in the secure communication between the cluster
root and cluster member, specify one of the following Suite-B algorithms:
• gcm-128: Encryption using 128-bit AES-GCM
• gcm-256: Encryption using 256-bit AES-GCM
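An added example, not from the reference guide: a Python check that validates cluster-root-ip lines taken from a saved configuration against the syntax and parameter table above, so a reviewer can see which authentication method each member uses and catch malformed entries. The function name, the colon-separated MAC format and the sample values are assumptions.

```python
import ipaddress
import re

# Assumption: MACs are written as six colon-separated hex octets.
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)
# Keywords accepted per certificate method -> True if required (from the syntax above).
MODES = {
    "ipsec-factory-cert": {"root-mac-1": True, "root-mac-2": False},
    "ipsec-custom-cert": {"root-mac-1": True, "root-mac-2": False,
                          "ca-cert": True, "server-cert": True, "suite-b": False},
}
# Constructed sample lines (addresses, MACs and certificate names are made up).
SAMPLES = [
    "cluster-root-ip 192.0.2.10 ipsec-custom-cert root-mac1 00:11:22:33:44:55 "
    "ca-cert lab-ca server-cert lab-srv suite-b gcm-256",
    "cluster-root-ip 192.0.2.10 ipsec-factory-cert root-mac-1 00:11:22:33:44:55 "
    "root-mac-1 66:77:88:99:aa:bb",   # root-mac-1 given twice: rejected
]

def parse_cluster_root_ip(line):
    """Parse one cluster-root-ip line into a dict; raise ValueError if malformed."""
    tok = line.split()
    if len(tok) < 3 or tok[0] != "cluster-root-ip":
        raise ValueError("expected: cluster-root-ip <ip-address> <method> ...")
    ipaddress.IPv4Address(tok[1])           # AddressValueError is a ValueError
    mode, rest = tok[2], tok[3:]
    if mode == "ipsec":
        if len(rest) != 1:
            raise ValueError("ipsec takes exactly one <key>")
        return {"root_ip": tok[1], "mode": mode}   # the key itself is not kept
    if mode not in MODES:
        raise ValueError(f"unknown method {mode!r}")
    if len(rest) % 2:
        raise ValueError("keyword without a value")
    opts = {}
    for key, val in zip(rest[::2], rest[1::2]):
        # The syntax writes root-mac1 and the table root-mac-1; accept both spellings.
        key = re.sub(r"^root-mac-?([12])$", r"root-mac-\1", key)
        if key not in MODES[mode] or key in opts:
            raise ValueError(f"unexpected or repeated keyword {key!r}")
        opts[key] = val
    missing = [k for k, req in MODES[mode].items() if req and k not in opts]
    if missing:
        raise ValueError(f"missing {missing}")
    for k in ("root-mac-1", "root-mac-2"):
        if k in opts and not MAC_RE.fullmatch(opts[k]):
            raise ValueError(f"{k}: bad MAC {opts[k]!r}")
    if opts.get("suite-b", "gcm-128") not in ("gcm-128", "gcm-256"):
        raise ValueError("suite-b must be gcm-128 or gcm-256")
    return {"root_ip": tok[1], "mode": mode, **opts}
```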
Usage Guidelines
If your network includes multiple master controllers each with their own hierarchy of APs and local controllers,
you can allow APs from one hierarchy to failover to any other hierarchy by defining a cluster of master
controllers. Each cluster will have one master controller as its cluster root, and all other master controllers as
cluster members.
The master controller operating as the cluster root will use the control plane security feature to create a self-signed
certificate, then certify its own local controllers and APs. Next, the cluster root will send the certificate to










