Concept Guide
cluster-member-ip
cluster-member-ip <ip-address>
ipsec <key>
Description
This command sets the controller as a control plane security cluster root, and specifies the IPsec key for a
cluster member.
Syntax
Parameter Description
<ip-address>
Switch IP address of a control plane security cluster member. You can also use
the IP address 0.0.0.0 to set a single IPsec key for all cluster members.
ipsec <key>
Configure the value of the IPsec key for secure communication between the
cluster root and the specified cluster member. The key must be between 6-64
characters.
Usage Guidelines
If your network includes multiple master controllers each with their own hierarchy of APs and local controllers,
you can allow APs from one hierarchy to failover to any other hierarchy by defining a cluster of master
controllers. Each cluster will have one master controller as its cluster root, and all other master controllers as
cluster members.
The master controller operating as the cluster root will use the control plane security feature to create a self-
signed certificate, then certify it’s own local controllers and APs. Next, the cluster root will send the certificate to
each cluster member, which in turn certifies their own local controllers and APs. Since all controllers and APs in
the cluster get their certificates from the cluster root, they will all have the same trust anchor, and the APs can
switch to any other controller in the cluster and still remain connected to the secure network.
Issue the cluster-member-ip command on the controller you want to define as the cluster root to set the IPsec
key for secure communication between the cluster root and each cluster member. Use the IP address 0.0.0.0
in this command to set a single IPsec key for all member controllers, or repeat this command as desired to
define a different IPsec key for each cluster member.
Once the cluster root has defined an IPsec key for all cluster members, you must access each of the member
controllers and issue the command cluster-root-ip to define the IPsec key for communication to the cluster
root.
Example
The following command sets the controller on which you issue command as a root controller, and adds the
controller172.21.18.18 as a cluster member with the IPsec key ipseckey1:
(host) (config) #cluster-member-ip 172.21.18.18 ipsec ipseckey1
Dell Networking W-Series ArubaOS 6.5.x | Reference Guide cluster-member-ip | 284