In the CLI
To purge a switch whitelist:
(host) #whitelist-db cpsec-master-switch-list purge
(host) #whitelist-db cpsec-local-switch-list purge
Working in Environments with Multiple Master Switches
This section describes the configuration steps required in a network with multiple master switches.
Configuring Networks with Clusters of Master Switches
If your network includes multiple master switches, each with its own hierarchy of APs and local switches, you
can allow APs from one hierarchy to fail over to any other hierarchy by defining a cluster of master switches.
Each cluster has one master switch as its cluster root, and all other master switches as cluster members. The
master switch operating as the cluster root creates a self-signed certificate, then certifies its own local switches
and APs. Next, the cluster root sends a certificate to each cluster member, which in turn certifies its own local
switches and APs. Because all switches and APs in the cluster have the same trust anchor, the APs can switch to
any other switch in the cluster and still remain securely connected to the network.
Figure 7 A Cluster of Master Switches using Control Plane Security
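The trust relationship described above can be modeled with OpenSSL. This added example is not AOS-W code or configuration: the names, the throwaway certificates and the root/member/AP layout (local switches omitted) are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: throwaway PKI mirroring the cluster trust chain; all names are constructed.

# issue DIR NAME EXT [ISSUER]: create a key and certificate for NAME.
# Without ISSUER the certificate is self-signed, as on the cluster root.
issue() {
  local d=$1 n=$2 ext=$3 ca=${4:-}
  if [ -z "$ca" ]; then
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$n" \
      -config "$d/pki.cnf" -extensions "$ext" \
      -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null
  else
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$n" \
      -config "$d/pki.cnf" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/$n.csr" -CA "$d/$ca.pem" -CAkey "$d/$ca.key" \
      -CAcreateserial -days 1 -extfile "$d/pki.cnf" -extensions "$ext" \
      -out "$d/$n.pem" 2>/dev/null
  fi
}

# build_cluster DIR: root certifies two members; member-1 certifies ap-1.
# A separate rogue hierarchy stands in for equipment outside the cluster.
build_cluster() {
  local d=$1
  printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' 'CN = unused' \
    '[ext_ca]' 'basicConstraints = critical,CA:TRUE' \
    '[ext_leaf]' 'basicConstraints = critical,CA:FALSE' > "$d/pki.cnf"
  issue "$d" cluster-root ext_ca &&
  issue "$d" member-1 ext_ca cluster-root &&
  issue "$d" member-2 ext_ca cluster-root &&
  issue "$d" ap-1 ext_leaf member-1 &&
  issue "$d" rogue-root ext_ca &&
  issue "$d" rogue-member ext_ca rogue-root &&
  issue "$d" rogue-ap ext_leaf rogue-member
}

# accepts DIR ANCHOR INTERMEDIATE AP: succeed if AP chains to ANCHOR.
accepts() {
  openssl verify -CAfile "$1/$2.pem" -untrusted "$1/$3.pem" "$1/$4.pem" >/dev/null 2>&1
}

demo() {
  local d; d=$(mktemp -d) && build_cluster "$d" || return 1
  accepts "$d" cluster-root member-1 ap-1 && echo "ap-1 accepted after failover"
  accepts "$d" cluster-root rogue-member rogue-ap || echo "rogue-ap rejected"
  accepts "$d" member-2 member-2 ap-1 || echo "ap-1 rejected without shared root"
  rm -rf "$d"
}
demo
```

The third check shows that a verifier trusting only member-2's own certificate would turn ap-1 away; the shared root is what lets an AP certified in one hierarchy be accepted in another.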
To create a switch cluster, you must first define the root master switch and set an IPsec key or select a
certificate for communications between the cluster root and cluster members.
You must use the command-line interface to configure certificate authentication for cluster members. The WebUI
supports cluster authentication using IPsec keys only. If your master and local switches use a pre-shared key for
authentication, they create the IPsec tunnel using IKEv1. If your master and local switches use certificates for
authentication, the IPsec tunnel is created using IKEv2.
Creating a Cluster Root
Use the WebUI to identify a switch as a cluster root, and use an IPsec key to secure communication between
the cluster root and cluster members. Use the command-line interface to create a cluster root using an IPsec
key, factory-installed certificate, or custom certificate.
In the WebUI
To create a cluster root:
AOS-W 6.5.3.x | User Guide Control Plane Security | 70