Dell 6.2 Server User Manual


 
96 | Control Plane Security    Dell PowerConnect W-Series ArubaOS 6.2 | User Guide
are synchronized to the backup controller. Since the AP whitelist may change periodically, the network administrator
should regularly synchronize these settings to the backup controller. For details, see "Configuring Networks with a
Backup Master Controller" on page 90.
When you install a new backup cluster member, you must add it as a lower priority controller than the existing
primary controller. After you install the backup cluster member on the network, resynchronize the database from the
existing primary controller to the new backup controller to ensure that all certificates, keys and whitelist entries
required for control plane security are added to the new backup controller configuration. If you want the new
controller to act as the primary controller, you can increase that controller’s priority after the settings have been
resynchronized.
Replacing a Cluster Root Controller with no Backup Controller
If you replace a cluster root controller that does not have a backup controller, the new cluster root controller creates
its own self-signed certificate. You then need to reboot each controller in the hierarchy in a specific order to certify
all APs with that new certificate.
1. Remove the old cluster root from the network.
2. Install and configure the new cluster root.
3. Connect the new cluster root to the network so it can access cluster masters and local Dell controllers.
4. If necessary, reconfigure the cluster masters and local Dell controllers with their new cluster root IP and master IP
addresses.
5. Reboot every cluster member controller. The cluster member begins using a new certificate signed by the cluster
root.
6. Reboot every local controller. Each local controller begins using a new certificate signed by the cluster member.
7. Because the cluster root is new, it does not have a configured campus AP whitelist. Access the campus AP
whitelist on any local controller or cluster master and change all APs in a “certified” state to an “approved” state.
The APs get recertified, reboot and create new IPsec tunnels to their controller using the new certificate key.
If a cluster root controller does not have any cluster master or local Dell controllers, you must recreate the campus
AP whitelist on the cluster root by turning on automatic certificate provisioning or manually reentering the
campus AP whitelist entries.
Replacing a Redundant Cluster Root Controller
Dell recommends using a backup controller with your cluster root controller. If your cluster root has a backup
controller, you can replace the backup cluster root without having to reboot all cluster master and local Dell
controllers, minimizing network disruptions.
The control plane security feature requires you to synchronize databases from the primary controller to the backup
controller at least once after the network is up and running. This ensures that all certificates, keys and whitelist entries
are synchronized to the backup controller. Since the AP whitelist may change periodically, the network administrator
should regularly synchronize these settings to the backup controller. For details, see "Configuring Networks with a
Backup Master Controller" on page 90.
When you install a new backup cluster root, you must add it as a lower priority controller than the existing primary
controller. After you install the backup cluster root on the network, resynchronize the database from the existing
primary controller to the new backup controller to ensure that all certificates, keys and whitelist entries required for
control plane security are added to the new backup controller configuration. If you want the new controller to act as
the primary controller, you can increase that controller’s priority after the settings have been resynchronized.