Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

141

142

143

144

145

146

147

148

149

150

Configuring RBT-Switch to RBT-Switch Security

RoamAbout Mobility System Software Configuration Guide 7-5

Clearing a Mobility Domain Member from a Seed

YoucanremoveindividualmembersfromtheMobilityDomainontheseedRoamAboutSwitch.

ToremoveaspecificmemberoftheMobilityDomain,typethefollowingcommand:

clear mobility-domain member ip-addr

ThiscommandhasnoeffectiftheRoamAboutSwitchmemberisnotconfiguredaspartofa

MobilityDomainorthecurrentRoamAboutSwitchisnottheseed.

Configuring RBT-Switch to RBT-Switch Security

YoucanenhancesecurityonyournetworkbyenablingRoamAboutSwitchtoRoamAboutSwitch 

security.RoamAbou tSwitchtoRoamAboutSwitchsecurityencryptsmanagementtraffic

exchangedbyRoamAboutSwitchesinaMobilityDomain.

WhenRoamAboutSwitchtoRoamAboutSwitchsecurityisenabled,managementtrafficamong

RoamAboutSwitchesintheMobilityDomainis

encryptedusingAES.Thekeyingmaterialis

dynamicallygeneratedforeachsessionandpassedamongswitchesusingpublickeysthatyou

configure.

ToconfigureRoamAboutSwitchtoRoamAboutSwitchsecurity:

•SetMobilityDomainsecurityoneachswitchtorequired.Thedefaultsettingisnone.

RoamAboutSwitchtoRoamAboutSwitchsecuritycan

bedisabledorenabledonaMobilit y

Domainbasis.Thefeaturemusthavethesamesetting(requiredornone)onallswitchesin

theMobilityDomain.Usethefollowingcommandontheseedandoneachmembertoenable

RoamAboutSwitchtoRoamAboutSwitchsecurity:

set domain security required

Thiscommandalsocreatesacertificate.

•OntheMobilityDomainseed,specifythepublickeyforeachmember.Usethefollowing

command:

set mobility-domain member ip-addr key hex-bytes

Specifythekeyas16hexadecimalbytes,separatedbycolons.Hereisanexample:

00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff

•Oneachmemberswitch,specifytheseed’sIPaddressanditspublickey.Usethefollowing

command:

set mobility-domain mode member seed-ip ip-addr key hex-bytes

Thiscommanddoesnotneedtobeenteredontheseedswitch.

•Ontheseedandoneachmember,generateaprivatekey.Usethefollowingcommand:

crypto generate key domain 128

Monitoring the VLANs and Tunnels in a Mobility Domain

TunnelsconnectRoamAboutswitches.TunnelsareformedautomaticallyinaMobilityDomainto

extendaVLANtotheRoamAboutSwitchthat aroamingstationisassociatedwith.Asingle

tunnelcancarrytrafficformanyusersandmanyVLANs.Thetunnelportcancarrytrafficfor

multipleVLANsbymeansof

multiplevirtualports.