AOS-W 6.5.3.x | User Guide Adding Local Switches | 920
Chapter 37
Adding Local Switches
This chapter explains how to expand your network by adding a local switch to a master switch configuration.
Typically, this is the first expansion of a network with just one switch (which is a master switch). This chapter is a
basic discussion of creating master-local switch configurations. More complicated multi-switch configurations
are discussed in other chapters.
This chapter describes the following topics:
• Moving to a Multi-Switch Environment
• Configuring Local Switches
• Uplink Monitoring and Management
Moving to a Multi-Switch Environment
For a single WLAN configuration, the master switch is the switch that controls the RF and security settings of
the WLAN. Additional switches added to the same WLAN serve as local switches to the master switch. The local switch
operates independently of the master switch and depends on the master switch only for its security and RF
settings. You configure the layer-2 and layer-3 settings on the local switch independently of the master switch.
The local switch needs to have connectivity to the master switch at all times to ensure that any changes on the
master are propagated to the local switch.
Some of the common reasons to move from a single-switch to a multi-switch environment include:
• Scaling to include a larger coverage area
• Setting up remote Access Points (APs)
• Network setup requires APs to be redistributed from a single switch to multiple switches
You can use a pre-shared key (PSK) or a certificate to create IPsec tunnels between master and backup master
switches and between master and local switches. These inter-switch IPsec tunnels carry management traffic
such as mobility, configuration, and master-local information.
An inter-switch IPsec tunnel can be used to route data between networks attached to the switches if you have
installed PEFV licenses in the switches. To route traffic, configure a static route on each switch specifying the
destination network and the name of the IPsec tunnel.
There is a default PSK to allow inter-switch communications; however, for security you need to configure a
unique PSK for each switch pair. You can use either the WebUI or CLI to configure a 6-64 character PSK on
master and local switches. To configure a unique PSK for each switch pair, you must configure the master
switch with the IP address of the local and the PSK, and configure the local switch with the IP address of the
master and the PSK.
You can configure a global PSK for all master-local communications, although this is not recommended for
networks with more than two switches. On the master switch, use 0.0.0.0 for the IP address of the local. On
the local switch, configure the IP address of the master and the PSK.
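The PSK rules above (6-64 characters, a unique key per master-local pair, 0.0.0.0 as the global entry on the master, matching keys on both sides) can be checked against an inventory before deployment. The following is an added example, not part of the AOS-W documentation or product; the inventory format, function name, finding labels, and sample keys are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

GLOBAL_PEER = "0.0.0.0"  # master-side entry that applies one PSK to every local

def audit_psks(master_entries, local_psks):
    """master_entries: {local IP or 0.0.0.0: PSK} as configured on the master.
    local_psks: {local IP: PSK that local has configured for the master}.
    Returns a sorted list of (peer, finding) tuples."""
    findings = set()
    by_key = defaultdict(list)
    for peer, psk in master_entries.items():
        ipaddress.IPv4Address(peer)  # ValueError on a malformed address
        if not 6 <= len(psk) <= 64:
            findings.add((peer, "psk-length-outside-6-64"))
        if peer != GLOBAL_PEER:
            by_key[psk].append(peer)
    # One master plus two or more locals is more than two switches.
    if GLOBAL_PEER in master_entries and len(local_psks) > 1:
        findings.add((GLOBAL_PEER, "global-psk-with-more-than-two-switches"))
    # The same key on several per-peer entries defeats per-pair uniqueness.
    for peers in by_key.values():
        if len(peers) > 1:
            findings.update((p, "psk-shared-with-another-pair") for p in peers)
    for local_ip, psk in local_psks.items():
        # Assumption: a per-peer entry is consulted before the 0.0.0.0 entry.
        if local_ip in master_entries:
            expected = master_entries[local_ip]
        elif GLOBAL_PEER in master_entries:
            expected = master_entries[GLOBAL_PEER]
            findings.add((local_ip, "relies-on-global-psk"))
        else:
            findings.add((local_ip, "no-master-entry"))
            continue
        if psk != expected:
            findings.add((local_ip, "psk-mismatch-with-master"))
    return sorted(findings)

# Constructed sample inventory (documentation addresses, made-up keys).
MASTER = {"192.0.2.10": "pair-A-7fK2q9LmX", "192.0.2.11": "pair-A-7fK2q9LmX",
          "0.0.0.0": "short"}
LOCALS = {"192.0.2.10": "pair-A-7fK2q9LmX", "192.0.2.11": "pair-B-typo",
          "192.0.2.12": "short"}

if __name__ == "__main__":
    for peer, finding in audit_psks(MASTER, LOCALS):
        print(f"{peer:<12} {finding}")
```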
The local switch can be located behind a NAT device or over the Internet. On the local switch, when you specify
the IP address of the master switch, use the public IP address for the master.
If your master and local switches use PSK for authentication, the IPsec tunnel will be created using IKEv1. If
they use a factory-installed or custom certificate, they will use IKEv2 to create the IPsec tunnel. Switches using