(host)(config) #localip <ipaddr> ipsec <secret_key>
Configuring a Local Switch PSK
Use the procedure below to configure the IP address and PSK for the local switch.
In the WebUI
To configure a local switch PSK:
1. Navigate to Configuration > Network > Switch > System Settings.
2. The procedure to configure a local PSK varies depending on whether it is configured from a local switch or a master switch.
   - On a local switch, enter the IPsec key in the IPSec Key (IKE PSK) and Retype IPSec Key (IKE PSK) fields.
   - On a master switch, click New under Local Switch IPSec Keys, enter the local switch IP address, and then enter and retype the IPsec key. Click Add.
3. Click Apply.
In the CLI
To configure a local switch PSK:
On the local switch, the PSK must match the master switch’s PSK.
(host)(config)#masterip <ipaddr> ipsec <secret_key> [fqdn <fqdn>][uplink][vlan <id>]
Configuring a Switch Certificate
The following sections describe how to use the command-line interface to select a factory-installed or custom
certificate for secure inter-switch communication.
Configuring a Local Switch Certificate
- Issue the following command on a master switch to configure the factory-installed certificate for secure communication between that master and a local switch.
(host)(config) #local-factory-cert local-mac <mac>
In this command, <mac> is the MAC address of the local switch’s factory-installed certificate.
- Issue the following command on a master switch to configure a custom certificate for secure communication between that master and a local switch.
(host)(config) #local-custom-cert local-mac <mac> ca-cert <ca> server-cert <cert> suite-b <gcm-128 | gcm-256>
In this command, <mac> is the MAC address of the local switch’s custom certificate.
Configuring a Master Switch Certificate
Issue the following command on a local switch to configure the preshared key or certificate for the master switch.
(host)(config) #masterip <ipaddr>
   ipsec <key> [interface uplink|{vlan <id>}] [fqdn <fqdn>]
   ipsec-custom-cert master-mac1 <mac1> [master-mac2 <mac2>] ca-cert <ca> server-cert <cert> [interface uplink|{vlan <id>}] [fqdn <fqdn>] [suite-b gcm-128|gcm-256]
   ipsec-factory-cert master-mac1 <mac1> [master-mac2 <mac2>] [interface uplink|{vlan <id>}] [fqdn <fqdn>]
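The following Python sketch is an added example, not part of the original guide or of AOS-W. It parses the localip, local-factory-cert, local-custom-cert and masterip commands shown above and checks that a master/local pair is configured consistently. It assumes the inputs are the commands as typed (key in clear text) and that both ends must use the same authentication method; the function names, addresses, MACs and keys are constructed for illustration.

```python
import hmac
import re

# Patterns follow the command syntax shown above (one command per line).
LOCALIP = re.compile(r"\blocalip\s+(\S+)\s+ipsec\s+(\S+)")
LOCALCERT = re.compile(r"\blocal-(factory|custom)-cert\s+local-mac\s+(\S+)")
MASTERIP = re.compile(r"\bmasterip\s+(\S+)\s+ipsec(-custom-cert|-factory-cert)?\s+(\S+)")

def parse_master(cfg):
    """Return ({local_ip: psk}, {local_mac: 'factory' | 'custom'})."""
    psks = {m.group(1): m.group(2) for m in LOCALIP.finditer(cfg)}
    certs = {m.group(2).lower(): m.group(1) for m in LOCALCERT.finditer(cfg)}
    return psks, certs

def parse_local(cfg):
    """Return (method, psk_or_None) from the local switch's masterip command."""
    m = MASTERIP.search(cfg)
    if not m:
        return None, None
    if m.group(2) is None:                        # plain "ipsec <key>" form
        return "psk", m.group(3)
    return m.group(2).strip("-").split("-")[0], None   # 'custom' or 'factory'

def audit(master_cfg, local_cfg, local_ip, local_mac):
    """Return findings for one master/local pair; an empty list means consistent."""
    psks, certs = parse_master(master_cfg)
    method, key = parse_local(local_cfg)
    if method is None:
        return ["local switch has no masterip command"]
    if method == "psk":
        expected = psks.get(local_ip)
        if expected is None:
            return [f"master has no localip PSK entry for {local_ip}"]
        # Constant-time comparison; the key itself is never echoed in a finding.
        if not hmac.compare_digest(expected.encode(), key.encode()):
            return [f"PSK for {local_ip} differs between master and local"]
        return []
    # Assumption: the master needs a matching local-<type>-cert entry for this MAC.
    configured = certs.get(local_mac.lower())
    if configured != method:
        return [f"local uses {method} cert; master has {configured or 'no'} cert entry for {local_mac}"]
    return []

# Constructed sample configs (documentation addresses, placeholder keys).
MASTER = """(host)(config) #localip 192.0.2.11 ipsec example-key-A
(host)(config) #local-factory-cert local-mac 00:00:5E:00:53:0C
"""
LOCAL_OK = "(host)(config)#masterip 192.0.2.1 ipsec example-key-A"
LOCAL_BAD = "(host)(config)#masterip 192.0.2.1 ipsec example-key-X"
LOCAL_CERT = "(host)(config) #masterip 192.0.2.1 ipsec-custom-cert master-mac1 00:00:5E:00:53:01 ca-cert ca1 server-cert srv1"
```

Calling audit(MASTER, LOCAL_BAD, "192.0.2.11", "00:00:5E:00:53:0B") reports the PSK mismatch without printing either key.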
AOS-W 6.5.3.x | User Guide Adding Local Switches | 922