Dell 6.2 Server User Manual


 
Replacing Controllers in a Multi-Master Network
Use the following procedures to replace a master or local controller in a network environment with multiple master
Dell controllers.
Replacing a Local Controller in a Multi-Master Network
The procedure to replace a local controller in a network with multiple master Dell controllers is the same as the
procedure to replace a local controller in a single-master network. To replace a local controller in a multi-master
network, follow the procedure described in "Replacing a Local Controller" on page 93.
Replacing a Cluster Member Controller with no Backup
The control plane security feature allows APs to fail over from one controller to another within a cluster. Therefore,
cluster members or their local Dell controllers may have associated APs that were first certified under some other
cluster member (or the cluster root). If you permanently remove a cluster member whose APs were all originally
certified under the cluster member being removed, its associated APs do not need to reboot in order to connect to a
different controller. If, however, you remove a cluster member whose associated APs were originally certified under a
different cluster member, those APs need to reboot and get recertified before they can connect to a different
controller. If the cluster member you are removing has local Dell controllers, the local Dell controllers also reboot so
they can update themselves with new certificates, then pass the trust update to their terminating APs.
To replace a cluster member that does not have a backup controller:
1. On the cluster master to be removed, clear the cluster root IP address by accessing the command-line interface
and issuing the command
no cluster-root-ip <cluster-root-ip> ipsec <clusterkey>
2. Remove the cluster member from the network.
3. If the cluster master you removed has any associated APs, you must reboot those APs so they get an updated
certificate.
4. If the cluster member you removed has any associated local Dell controllers, reboot those local Dell controllers so
they can get a new certificate and then pass that trust update to their APs.
5. Remove the cluster master from the cluster root’s master controller list by accessing the command-line interface
on the cluster root and issuing the command whitelist-db cpsec-master-switch-list del mac-address
<cluster-master-mac>.
NOTE: This step is very important; unused local controller entries in the local switch whitelist can significantly increase network
traffic and reduce controller memory resources.
6. Remove the old cluster member from the network. Remember that this controller still has campus AP whitelist
entries from the entire cluster. You may want to delete or revoke unwanted entries from the campus AP whitelist.
Now, you must install the new cluster member controller according to the procedure described in "Creating a Cluster
Member" on page 92. The new cluster member obtains a certificate from the cluster root when it first becomes
active.
7. If the new cluster member has any associated APs, reboot those APs to allow them to get a trust update.
8. If the new cluster member has any local Dell controllers, reboot the local controllers associated with the new
cluster member. The local Dell controllers obtain a new certificate signed by the cluster member, and then pass
that trust update to their associated APs.
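Added example (not from the Dell guide): a Python planner that applies the certification rule described above to an inventory and lists which APs and local controllers must reboot when a cluster member is removed, along with the step 5 cleanup command for the cluster root. The inventory layout, field names, device names and MAC addresses are constructed assumptions, not an ArubaOS export format.

```python
# Constructed inventory; field names are assumptions, not an ArubaOS export format.
APS = [
    {"name": "ap-lobby", "terminates_on": "member-b", "certified_by": "member-b"},
    {"name": "ap-lab", "terminates_on": "member-b", "certified_by": "member-a"},
    {"name": "ap-dock", "terminates_on": "member-b", "certified_by": "cluster-root"},
    {"name": "ap-branch", "terminates_on": "local-b1", "certified_by": "local-b1"},
    {"name": "ap-hq", "terminates_on": "member-a", "certified_by": "member-a"},
]
LOCALS = [
    {"name": "local-b1", "member": "member-b"},
    {"name": "local-a1", "member": "member-a"},
]
# Constructed MACs from the documentation range 00:00:5e:00:53:xx.
MEMBER_MACS = {"member-a": "00:00:5e:00:53:0a", "member-b": "00:00:5e:00:53:0b"}


def plan_removal(member, aps, local_controllers, macs):
    """Build the reboot and cleanup plan for permanently removing `member`."""
    if member not in macs:
        raise ValueError(f"unknown cluster member: {member}")
    # APs that terminate directly on the member being removed.
    direct = [ap for ap in aps if ap["terminates_on"] == member]
    locals_under = sorted(
        lc["name"] for lc in local_controllers if lc["member"] == member
    )
    return {
        # Certified under another member or the root: reboot and recertify.
        "reboot_aps": sorted(
            ap["name"] for ap in direct if ap["certified_by"] != member
        ),
        # Certified under the member being removed: no reboot needed to move.
        "no_reboot_aps": sorted(
            ap["name"] for ap in direct if ap["certified_by"] == member
        ),
        # Locals reboot for new certificates, then pass the trust update on.
        "reboot_locals": locals_under,
        "aps_updated_via_locals": sorted(
            ap["name"] for ap in aps if ap["terminates_on"] in locals_under
        ),
        # Step 5, issued on the cluster root (syntax as given in the procedure).
        "root_cleanup": "whitelist-db cpsec-master-switch-list del mac-address "
        + macs[member],
    }


if __name__ == "__main__":
    for key, value in plan_removal("member-b", APS, LOCALS, MEMBER_MACS).items():
        print(f"{key}: {value}")
```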
Replacing a Redundant Cluster Member Controller
The control plane security feature requires you to synchronize databases from the primary controller to the backup
controller at least once after the network is up and running. This ensures that all certificates, keys and whitelist entries
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide    Control Plane Security | 95