73| Control Plane Security AOS-W 6.5.3.x| User Guide
n Manual Synchronization: Issue the database synchronize command in enable mode to manually
synchronize databases from your primary switch to the backup switch.
n Automatic Synchronization: Schedule automatic database backups using the database synchronize
period command in configuration mode.
If you add a new backup switch to an existing switch, you must add the backup switch as the lower priority switch. If
you do not add the backup switch as a lower priority switch, your control plane security keys and certificates may be
lost. If you want the new backup switch to become your primary switch, increase the priority of that switch to a
primary switch after you have synchronized your data.
Replacing a Switch on a Multi-Switch Network
The procedure to replace a switch within a multi-switch network varies, depending upon the role of that switch,
whether the network has a single master switch or a cluster of master switches, and whether or not the switch
has a backup.
The following sections describe the steps to replace an existing switch. To add a new local switch to a network, or to
permanently remove a local switch without replacing it, see Viewing the Master or Local Switch Whitelists on page
68.
Replacing Switches in a Single Master Network
Use the procedures in this section to replace a master or local switch in a network environment with a single
master switch.
Replacing a Local Switch
Use the following procedure to replace a local switch in a single-master network:
1. Disconnect the local switch from the network.
2. If you plan on moving the local switch to another location on the network, purge the campus AP whitelist on
the switch.
Access the command-line interface on the old local switch and issue the whitelist-db cpsec purge
command.
or,
Access the local switch WebUI, navigate to Configuration > AP Installation > Campus AP Whitelist and
click Purge.
3. Once you purge the campus AP whitelist, you must inform the master switch that the local switchis no
longer available using one of these two methods:
This step is very important; unused local switch entries in the local switch whitelist can significantly increase
network traffic and reduce switch memory resources.
n Access the command-line interface on the master switch, and issue the whitelist-db cpsec-local-
switch-list del mac-address <local--mac> command.
n Access the master switch WebUI, navigate to Configuration > Switch > Control Plane Security,
select the entry for the local switch you want to delete from the local switch whitelist, and click Delete.
4. Install the new local switch, but do not connect it to the network yet. If the switch has been previously
installed on the network, you must ensure that the new local switch has a clean whitelist.
5. Purge the local switch whitelist using one of the following two methods:
n Access the command-line interface on the new local switch and issue the whitelist-db cpsec purge
command.
To Next Page
Loading...