Dell 6.2 Server User Manual


 
Figure 21: A Cluster of Master Controllers using Control Plane Security
To create a controller cluster, you must first define the root master controller and set an IPsec key or select a
certificate for communications between the cluster root and cluster members.
NOTE: You must use the command-line interface to configure certificate authentication for cluster members. The WebUI supports
cluster authentication using IPsec keys only. If your master and local Dell controllers use a pre-shared key for authentication, they
create the IPsec tunnel using IKEv1. If your master and local Dell controllers use certificates for authentication, the IPsec tunnel is
created using IKEv2.
Creating a Cluster Root
Use the WebUI to identify a controller as a cluster root and use an IPsec key to secure communication between the
cluster root and cluster members. Use the command-line interface to create a cluster root using an IPsec key,
factory-installed certificate or custom certificate.
To create a cluster root using the WebUI:
1. Access the WebUI of the controller you want to become the cluster root, and navigate to
Configuration > Controller.
2. Click the Cluster Setting tab.
3. For the cluster role, select Root.
4. In the Cluster Member IPsec Keys section, enter the switch IP address of a member controller in the cluster. If
you want to use a single key for all member Dell controllers, use the IP address 0.0.0.0.
5. In the IPsec Key and Retype IPsec Key fields, enter the IPsec key for communication between the specified
member controller and the cluster root.
6. Click Add.
7. Optional: repeat steps 4-6 to add another member controller to the cluster.
8. Click Apply to save your settings.
To create a cluster root via the CLI, access the command-line interface of the controller you want to become the
root of the controller cluster, then issue one of the following commands.
• To authenticate cluster members using a custom certificate:
cluster-member-custom-cert member-mac <mac> ca-cert <ca> server-cert <cert> [suite-b <gcm-128 | gcm-256>]
• To authenticate cluster members using a factory-installed certificate:
cluster-member-factory-cert member-mac <mac>
• To authenticate cluster members using an IPsec key:
cluster-member-ip <ip-address> ipsec <key>
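The following Python sketch is an added example, not part of the Dell manual. It reads cluster-member lines and reports, per member, the authentication method and the IKE version the NOTE above associates with it, and marks the 0.0.0.0 entry that gives every member the same key. It assumes the saved configuration contains lines in exactly the three command forms listed above; the function name, sample lines, addresses, MACs and certificate names are constructed placeholders.

```python
import re

# Constructed sample in the command forms shown above; every value is a placeholder.
SAMPLE_CONFIG = """\
cluster-member-ip 0.0.0.0 ipsec ********
cluster-member-ip 192.0.2.10 ipsec ********
cluster-member-factory-cert member-mac 00:00:5e:00:53:01
cluster-member-custom-cert member-mac 00:00:5e:00:53:02 ca-cert example-ca server-cert example-cert
cluster-member-custom-cert member-mac 00:00:5e:00:53:03 ca-cert example-ca server-cert example-cert suite-b gcm-256
"""

PSK = re.compile(r"^cluster-member-ip\s+(\S+)\s+ipsec\s+\S+$")
FACTORY = re.compile(r"^cluster-member-factory-cert\s+member-mac\s+(\S+)$")
CUSTOM = re.compile(
    r"^cluster-member-custom-cert\s+member-mac\s+(\S+)\s+ca-cert\s+\S+"
    r"\s+server-cert\s+\S+(?:\s+suite-b\s+(gcm-128|gcm-256))?$"
)


def audit_cluster_members(config_text):
    """Return one dict per cluster-member line: member, auth, ike, notes."""
    results = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := PSK.match(line):
            # Pre-shared key: per the NOTE, the tunnel is built with IKEv1.
            notes = ["pre-shared key"]
            if m.group(1) == "0.0.0.0":
                notes.append("one key shared by all members")
            results.append({"member": m.group(1), "auth": "ipsec-key",
                            "ike": "IKEv1", "notes": notes})
        elif m := FACTORY.match(line):
            # Certificate authentication: per the NOTE, IKEv2.
            results.append({"member": m.group(1), "auth": "factory-cert",
                            "ike": "IKEv2", "notes": []})
        elif m := CUSTOM.match(line):
            notes = [f"suite-b {m.group(2)}"] if m.group(2) else ["no suite-b option"]
            results.append({"member": m.group(1), "auth": "custom-cert",
                            "ike": "IKEv2", "notes": notes})
        elif line.startswith("cluster-member-"):
            # Never echo the line itself: it may contain a key.
            results.append({"member": None, "auth": "unparsed",
                            "ike": None, "notes": ["unrecognized syntax"]})
    return results


if __name__ == "__main__":
    for entry in audit_cluster_members(SAMPLE_CONFIG):
        print(entry["member"], entry["auth"], entry["ike"], "; ".join(entry["notes"]))
```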
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide    Control Plane Security | 91