
Alcatel-Lucent AOS-W 6.5.3.x - Page 71

71| Control Plane Security AOS-W 6.5.3.x| User Guide
1. Access the WebUI of the switch you want to identify as the cluster root, and navigate to Configuration >
Switch.
2. Click the Cluster Setting tab.
3. For the cluster role, select Root.
4. In the Cluster Member IPsec Keys section, enter the switch IP address of a member switch in the cluster.
If you want to use a single key for all member switches, use the IP address 0.0.0.0.
5. In the IPsec Key and Retype IPsec Key fields, enter the IPsec key for communication between the
specified member switch and the cluster root.
6. Click Add.
7. Optional: repeat steps 4-6 to add another member switch to the cluster.
8. Click Apply.
In the CLI
To create a cluster root, access the command-line interface of the switch you want to identify as the root of the
switch cluster, then issue one of the following commands:
- To authenticate cluster members using a custom certificate:
(host)(config) #cluster-member-custom-cert member-mac <mac> ca-cert <ca> server-cert <cert> [suite-b <gcm-128|gcm-256>]
- To authenticate cluster members using a factory-installed certificate:
(host)(config) #cluster-member-factory-cert member-mac <mac>
- To authenticate cluster members using an IPsec key:
(host)(config) #cluster-member-ip <ip-address> ipsec <key>
The <ip-address> parameter in this command is the IP address of a member switch in the cluster, and the <key>
parameter in each command is the IPsec key for communication between the specified member switch and the
cluster root. Use the IP address 0.0.0.0 in this command to set a single IPsec key for all member switches, or repeat
this command as desired to define a different IPsec key for each cluster member.
Creating a Cluster Member
Once you have identified the cluster root, you must then identify the member switches in the cluster.
Use the WebUI to identify a switch as a cluster member, and use an IPsec key to secure communication
between the cluster member and the cluster root. Use the command-line interface to create a cluster member
and secure communications between that member and the cluster root using an IPsec key, factory-installed
certificate, or custom certificate.
In the WebUI
To create a cluster member:
1. Access the WebUI of the cluster member switch, and navigate to Configuration > Switch.
2. Click the Cluster Setting tab.
3. For the cluster role, select Member.
4. In the Switch IP Address field, enter the IP address of the root switch in the cluster.
5. In the IPsec Key and Retype IPsec Key fields, enter the IPsec key for communication between the
specified member switch and the cluster root. This parameter must have the same value as the key
defined for the cluster member in Creating a Cluster Root on page 70.
6. Click Add.
7. Click Apply.
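
The key-matching requirement in step 5 and the 0.0.0.0 shared-key option can be checked before a change is applied. The following is an added example, not part of the original guide or of AOS-W: a small Python check over a planned set of cluster-member-ip commands. The function names, the 192.0.2.x addresses and the key strings are constructed for illustration, and the lookup order (a member's own IP entry is preferred over the 0.0.0.0 entry) is an assumption.

```python
import re
from collections import defaultdict

WILDCARD = "0.0.0.0"  # per the guide: one IPsec key for all member switches
CMD = re.compile(r"cluster-member-ip\s+(\S+)\s+ipsec\s+(\S+)")

def parse_root_plan(text):
    """Return {member_ip: key} from planned cluster-member-ip commands."""
    keys = {}
    for line in text.splitlines():
        m = CMD.search(line)
        if m:
            keys[m.group(1)] = m.group(2)
    return keys

def audit(root_keys, member_keys):
    """member_keys is {member_ip: key entered on that member}.
    Returns findings as text; key values are never included in the output."""
    findings = []
    if WILDCARD in root_keys:
        findings.append("root: 0.0.0.0 entry shares one IPsec key across all members")
    by_key = defaultdict(list)
    for ip, key in root_keys.items():
        if ip != WILDCARD:
            by_key[key].append(ip)
    for ips in by_key.values():
        if len(ips) > 1:
            findings.append("root: same key reused for " + ", ".join(sorted(ips)))
    for ip, key in sorted(member_keys.items()):
        # Assumption: the entry for the member's own IP is preferred over 0.0.0.0.
        expected = root_keys.get(ip, root_keys.get(WILDCARD))
        if expected is None:
            findings.append(f"{ip}: no key defined on the root")
        elif expected != key:
            findings.append(f"{ip}: key differs from the root's entry")
    return findings

# Constructed sample: planned root commands and the keys entered on each member.
ROOT_PLAN = """\
(host)(config) #cluster-member-ip 192.0.2.11 ipsec Kq7-member11-example
(host)(config) #cluster-member-ip 192.0.2.12 ipsec Kq7-member11-example
(host)(config) #cluster-member-ip 0.0.0.0 ipsec shared-example-key
"""
MEMBER_KEYS = {"192.0.2.11": "Kq7-member11-example",
               "192.0.2.12": "typo-key",
               "192.0.2.13": "shared-example-key"}

if __name__ == "__main__":
    for finding in audit(parse_root_plan(ROOT_PLAN), MEMBER_KEYS):
        print(finding)
```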
