Dell 6.2 Server User Manual


 
90 | Control Plane Security    Dell PowerConnect W-Series ArubaOS 6.2 | User Guide
Purging the Master or Local Switch Whitelist
There is no need to purge a master switch whitelist during the course of normal operation. If, however, you are
removing a controller from the network, you can purge its switch whitelist after it has been disconnected from the
network. To clear a local switch whitelist entry on a master controller that is still connected to the network, select
that individual whitelist entry and delete it using the delete option.
To purge a switch whitelist via the WebUI, use the following procedure:
1. Access the controller’s WebUI, and navigate to Configuration > Controller.
2. Select the Control Plane Security tab.
3. To clear the Local Switch Whitelist: In the Local Switch List For AP Whitelist Sync section, click Purge.
Or,
4. To clear the Master Switch Whitelist: In the Master Switch List For AP Whitelist Sync section, click Purge.
To purge a switch whitelist via the command-line interface, issue the following commands:
whitelist-db cpsec-master-switch-list purge
whitelist-db cpsec-local-switch-list purge
Working in Environments with Multiple Master Controllers
Configuring Networks with a Backup Master Controller
If your network includes a redundant backup master controller, you must synchronize the database from the primary
master to the backup master at least once after all APs are communicating with their Dell controllers over a secure
channel. This ensures that all certificates, IPsec keys and campus AP whitelist entries are synchronized to the backup
controller. You should also synchronize the database any time the campus AP whitelist changes (APs are added or
removed) to ensure that the backup controller has the latest settings.
Master and backup Dell controllers can be synchronized using either of the following methods.
• Manual Synchronization: Issue the database synchronize CLI command in enable mode to manually
  synchronize databases from your primary controller to the backup controller.
• Automatic Synchronization: Schedule automatic database backups using the database synchronize period CLI
  command in config mode.
WARNING: If you add a new backup controller to an existing controller, the backup controller must be added as the lower
priority controller. If the backup controller is not added as a lower priority controller, your control plane security keys and certificates
may be lost. If you want the new backup controller to become your primary controller, increase the priority of that controller to a
primary controller after you have synchronized your data.
Configuring Networks with Clusters of Master Controllers
If your network includes multiple master Dell controllers, each with its own hierarchy of APs and local Dell
controllers, you can allow APs from one hierarchy to fail over to any other hierarchy by defining a cluster of master
Dell controllers. Each cluster has one master controller as its cluster root, and all other master Dell controllers as
cluster members. The master controller operating as the cluster root creates a self-signed certificate, then certifies its
own local Dell controllers and APs. Next, the cluster root sends a certificate to each cluster member, each of which in turn
certifies its own local Dell controllers and APs. Since all Dell controllers and APs in the cluster have the same trust
anchor, the APs can switch to any other controller in the cluster and still remain securely connected to the network.
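The shared trust anchor described above can be reproduced with ordinary X.509 tooling. The following is an added example, not code from this guide or from ArubaOS: OpenSSL stands in for the controllers' internal certificate issuance, and the names cluster-root, member-1, ap-root, ap-member, outside-master and ap-outside are constructed.

```shell
#!/bin/sh
# Added illustration, not ArubaOS code: OpenSSL stands in for the controllers'
# internal certificate issuance. All names below are constructed.

# csr NAME: generate a key pair and a certificate request for NAME.
csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# new_ca NAME [ISSUER]: CA certificate, self-signed when no ISSUER is given.
new_ca() {
    csr "$1" || return 1
    if [ -z "$2" ]; then
        openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 1 \
            -extfile ca.ext -out "$1.pem" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
            -set_serial 2 -days 1 -extfile ca.ext -out "$1.pem" 2>/dev/null
    fi
}

# new_device NAME ISSUER: certificate for an AP or local controller.
new_device() {
    csr "$1" || return 1
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
        -set_serial 3 -days 1 -out "$1.pem" 2>/dev/null
}

# chains_to ANCHOR CERT [INTERMEDIATE]: succeed only if CERT validates up to ANCHOR.
chains_to() {
    if [ -n "$3" ]; then
        openssl verify -CAfile "$1.pem" -untrusted "$3.pem" "$2.pem" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1.pem" "$2.pem" >/dev/null 2>&1
    fi
}

build_demo_cluster() {
    cd "$(mktemp -d)" || return 1
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    # Cluster root (self-signed), one member certified by it, one AP under each.
    new_ca cluster-root && new_ca member-1 cluster-root &&
    new_device ap-root cluster-root && new_device ap-member member-1 &&
    # A master controller that is not part of the cluster, with its own AP.
    new_ca outside-master && new_device ap-outside outside-master
}

build_demo_cluster || exit 1
chains_to cluster-root ap-member member-1 && echo "ap-member: accepted"
chains_to cluster-root ap-outside outside-master || echo "ap-outside: rejected"
```

An AP certified by a cluster member validates against the cluster root only when the member's certificate is presented as the intermediate; an AP from a hierarchy outside the cluster does not validate at all.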