Concept Guide
Table Of Contents
- Revision History
- The ArubaOS Command-Line Interface
- aaa auth-survivability
- aaa authentication captive-portal
- aaa authentication dot1x
- aaa authentication mac
- aaa authentication mgmt
- aaa authentication-server internal
- aaa authentication-server ldap
- aaa authentication-server radius
- aaa authentication-server tacacs
- aaa authentication-server windows
- aaa authentication stateful-dot1x
- aaa authentication stateful-dot1x clear
- aaa authentication stateful-kerberos
- aaa authentication stateful-ntlm
- aaa authentication via auth-profile
- aaa authentication via connection-profile
- aaa authentication via global-config
- aaa authentication via web-auth
- aaa authentication vpn
- aaa authentication wired
- aaa authentication wispr
- aaa bandwidth-contract
- aaa derivation-rules
- aaa dns-query-interval
- aaa inservice
- aaa ipv6 user add
- aaa ipv6 user clear-sessions
- aaa ipv6 user delete
- aaa ipv6 user logout
- aaa log
- aaa password-policy mgmt
- aaa profile
- aaa query-user
- aaa radius-attributes
- aaa rfc-3576-server
- aaa server-group
- aaa tacacs-accounting
- aaa test-server
- aaa timers
- aaa trusted-ap
- aaa user add
- aaa user clear-sessions
- aaa user delete
- aaa user fast-age
- aaa user logout
- aaa user monitor
- aaa user purge-log
- aaa user stats-poll
- aaa xml-api
- activate
- activate-service-whitelist
- adp
- airgroup
- airgroupservice
- airgroup static mdns-record
- am
- amon msg-buffer-size
- ap authorization-profile
- ap consolidated-provision info
- ap-crash-transfer
- ap debug advanced-stats
- ap debug client-trace start
- ap debug client-trace stop
- ap debug dot 11r remove-key
- ap debug radio-event-log
- ap debug radio-registers dump
- ap enet-link-profile
- ap flush-r1-on-new-r0
- ap image-preload
- ap-lacp-striping-ip
- ap lldp med-network-policy-profile
- ap lldp profile
- ap mesh-cluster-profile
- ap mesh-ht-ssid-profile
- ap mesh-radio-profile
- ap provisioning-profile
- ap packet-capture
- ap process restart
- ap regulatory activate
- ap regulatory-domain-profile
- ap regulatory reset
- ap spectrum clear-webui-view-settings
- ap spectrum local-override
- ap system-profile
- ap wipe out flash
- ap wired-ap-profile
- ap wired-port-profile
- apboot
- apconnect
- apdisconnect
- apflash [deprecated]
- ap-group
- ap-leds
- ap-move
- ap-name
- ap-regroup
- ap-rename
- app skype4b traffic-control
- arm move-sta
- arp
- audit-trail
- backup
- banner motd
- block-redirect-url
- boot
- cellular profile
- cfgm
- clear
- clear aaa auth-survivability-cache
- clear wms wired-mac
- clock append
- clock set
- clock summer-time recurring
- clock timezone
- cluster-member-custom-cert
- cluster-member-factory-cert
- cluster-member-ip
- cluster-root-ip
- configure terminal
- control-plane-security
- controller-ip
- controller-ipv6
- copy
- cp-bandwidth-contract
- crypto-local ipsec sa-cleanup
- crypto dynamic-map
- crypto ipsec
- crypto isakmp
- crypto isakmp block-aruba-ca
- crypto isakmp policy
- crypto-local ipsec-map
- crypto-local isakmp allow-via-subnet-routes
- crypto-local isakmp ca-certificate
- crypto-local isakmp certificate-group
- crypto-local isakmp disable-aggressive-mode
- crypto_local isakmp disable-ipcomp
- crypto-local isakmp dpd
- crypto-local isakmp key
- crypto-local isakmp permit-invalid-cert
- crypto-local isakmp sa-cleanup
- crypto-local isakmp server-certificate
- crypto-local isakmp xauth
- crypto-local pki
- crypto-local pki rcp
- crypto map global-map
- crypto
- crypto
- crypto pki-import
- database synchronize
- delete
- destination
- dialer group
- dir
- disable-whitelist-sync
- dot1x
- dpi
- dynamic-ip
- eject usb
- enable
- enable bypass
- enable secret
- encrypt
- esi group
- esi parser domain
- esi parser rule
- esi parser rule‑test
- esi ping
- esi server
- exit
- export
- file syncing profile
- fips
- firewall
- firewall cp
- firewall cp-bandwidth-contract
- firewall-visibility
- gateway health-check disable
- guest-access-email
- ha
- halt
- help
- hostname
- iap del branch-key
- iap trusted-branch-db
- ids ap-classification-rule change
- ids ap-rule-matching
- ids dos-profile
- ids general-profile
- ids impersonation-profile
- ids management-profile
- ids profile
- ids rate-thresholds-profile
- ids signature-matching-profile
- ids signature-profile
- ids unauthorized-device-profile
- ids wms-general-profile
- ids wms-local system-profile
- ifmap
- Interface cellular
- interface fastethernet | gigabitethernet
- interface loopback
- interface port-channel
- interface-profile voip-profile
- interface range
- interface tunnel
- interface vlan
- interface vlan ipv6
- interface vlan ip igmp proxy
- ip access-list eth
- ip access-list extended
- ip access-list ip-geolocation
- ip access-list mac
- ip access-list route
- ip access-list session
- ip access-list standard
- ip cp-redirect-address
- ip default-gateway
- ip dhcp excluded-address
- ip dhcp pool
- ip domain lookup
- ip domain-name
- ip igmp
- ip local
- ip mobile active-domain
- ip mobile domain
- ip mobile foreign-agent
- ip mobile home-agent
- ip mobile packet-trace
- ip mobile proxy
- ip mobile revocation
- ip name-server
- ip nat
- ip nexthop-list
- ip ospf
- ip probe default
- ip probe health-check
- ip radius
- ids rap-wml-server-profile
- ids rap‑wml-table-profile
- ip reputation
- ip route
- ipv6 cp-redirect-address
- ipv6 default-gateway
- ipv6 dhcp excluded-address
- ipv6 dhcp pool
- ipv6 enable
- ipv6 firewall
- ipv6 neighbor
- ipv6 mld
- ipv6 proxy-ra
- ipv6 radius
- ipv6 route
- kernel coredump
- lacp group
- lacp port-priority
- lacp system-priority
- lacp timeout
- lcd-menu
- license
- local-custom-cert
- local-factory-cert
- localip
- local-userdb add
- local-userdb-ap del
- local-userdb-branch
- local-userdb del
- local-userdb export
- local-userdb fix-database
- local-userdb-guest add
- local-userdb-guest del
- local-userdb-guest modify
- local-userdb-guest send-email
- local-userdb import
- local-userdb maximum-expiration
- local-userdb modify
- local-userdb-branch
- local-userdb send-to-guest
- local-userdb send-to-sponsor
- location
- location-server-feed
- logging
- logging facility
- logging level
- loginsession
- logout
- mac-address-table
- master-redundancy master-vrrp
- masterip
- master-redundancy peer-ip
- mgmt-server profile
- mgmt-server type
- mgmt-user
- mobility-manager
- netdestination
- netdestination6
- netexthdr
- netservice
- ntp authenticate
- ntp authentication-key
- ntp server
- ntp standalone
- ntp trusted-key
- packet-capture
- packet-capture-defaults
- page
- paging
- pan active-profile
- pan profile
- panic
- pan-options
- papi-security
- perf-test
- pcap (deprecated)
- phonehome
- ping
- pkt-trace
- pkt-trace-global
- pptp ip local pool
- priority-map
- process monitor
- prompt
- provision-ap
- reload
- rename
- restore
- rf am-scan-profile
- rft
- rf arm-rf-domain-profile
- rf arm-profile
- rf dot11a-radio-profile
- rf dot11g-radio-profile
- rf event-thresholds-profile
- rf ht-radio-profile
- rf optimization-profile
- rf spectrum-profile
- router mobile
- router ospf
- routing-policy-map
- service
- show aaa accounting tacacs
- show aaa authentication all
- show aaa authentication captive-portal
- show aaa authentication captive-portal customization
- show aaa authentication dot1x
- show aaa authentication mac
- show aaa authentication mgmt
- show aaa authentication stateful-dot1x
- show aaa authentication stateful-ntlm
- show aaa authentication via auth-profile
- show aaa authentication via connection-profile
- show aaa authentication via web-auth
- show aaa authentication vpn
- show aaa authentication wired
- show aaa authentication wispr
- show aaa authentication-server all
- show aaa authentication-server internal
- show aaa authentication-server ldap
- show aaa authentication-server radius
- show aaa authentication-server tacacs
- show aaa authentication-server windows
- show aaa bandwidth-contracts
- show aaa debug
- show aaa derivation-rules
- show aaa dns-query-interval
- show aaa fqdn-server-names
- show aaa load-balance statistics
- show aaa main-profile
- show aaa password-policy mgmt
- show aaa profile
- show aaa radius-attributes
- show aaa rfc-3576-server
- show aaa server-group
- show aaa state ap-group
- show aaa state configuration
- show aaa state debug-statistics
- show aaa state log
- show aaa state messages
- show aaa state station
- show aaa state user
- show aaa tacacs-accounting
- show aaa timers
- show aaa web admin-port
- show aaa xml-api server
- show aaa xml-api statistics
- show acl ace-table
- show acl acl-table
- show acl hits
- show activate-service-whitelist
- show adp config
- show adp counters
- show airgroup
- show airgroup active-domains
- show airgroup blocked-queries
- show airgroup blocked-service-id
- show airgroup cache entries
- show airgroup cppm
- show airgroup cppm-server
- show airgroup domain
- show airgroup internal-state statistics
- show airgroup global-credits
- show airgroup multi-controller-table
- show airgroup servers
- show airgroup status
- show airgroup users
- show airgroup vlan
- show airgroupservice
- show ap active
- show ap-group
- show ap-name
- show ap allowed-channels
- show ap ap-group
- show ap arm client-match history
- show ap arm client-match neighbors
- show ap arm client-match Pending
- show ap arm client-match probe-report
- show ap arm client-match restriction-table
- show ap arm client-match summary
- show ap arm client-match unsupported
- show ap arm history
- show ap arm neighbors
- show ap arm rf-summary
- show ap arm scan-times
- show ap arm split-scan-history
- show ap arm state
- show ap arm status
- show ap arm virtual-beacon-report
- show ap association
- show ap association remote
- show ap authorization-profile
- show ap blacklist-clients
- show ap bss-table
- show ap bw-report
- show ap client status
- show ap client trail-info
- show ap config
- show ap consolidated-provision info
- show ap-crash-transfer
- show ap database
- show ap database-summary
- show ap debug bandwidth-management
- show ap debug ble-config
- show ap debug ble-counters
- show ap debug ble-log
- show ap debug ble-table
- show ap debug ble-update-status
- show ap debug bss-config
- show ap debug bss-stats
- show ap debug client-deauth-reason-counters
- show ap debug client-mgmt-counters
- show ap debug client-stats
- show ap debug client-table
- show ap debug client-trace
- show ap debug counters
- show ap debug crash-info
- show ap debug crypto
- show ap debug datapath
- show ap debug dot11r
- show ap debug dot11r state
- show ap debug driver-log
- show ap debug gre-tun-stats
- show ap debug gsm-counters
- show ap debug ipc forwarding-statistics
- show ap debug lacp
- show ap debug lldp
- show ap debug log
- show ap debug config-msg-history
- show ap debug dot11r state
- show ap debug port status
- show ap debug radar-logs
- show ap debug radio-event-log status
- show ap debug radio-info
- show ap debug radio-registers
- show ap debug radio-stats
- show ap debug received-config
- show ap debug shaping-table
- show ap debug spanning-tree
- show ap debug switching
- show ap debug system-status
- show ap debug trace-addr
- show ap debug usb
- show ap details
- show ap enet-link-profile
- show ap essid
- show ap ht-rates
- show ap image-preload-status (deprecated)
- show ap image-preload status
- show ap image version
- show ap-lacp-striping-ip
- show ap license-usage
- show ap lldp
- show ap lldp counters
- show ap lldp med-network-policy-profile
- show ap lldp neighbors
- show ap load-balancing
- show ap mesh active
- show ap mesh-cluster-profile
- show ap mesh debug counters
- show ap mesh debug current-cluster
- show ap mesh debug forwarding-table
- show ap mesh debug hostapd-log
- show ap mesh debug meshd-log
- show ap mesh debug provisioned-clusters
- show ap mesh-ht-ssid-profile
- show ap mesh neighbors
- show ap mesh-radio-profile
- show ap mesh tech-support
- show ap mesh topology
- show ap monitor
- show ap monitor association
- show ap monitor debug
- show ap monitor stats
- show ap packet capture
- show ap papi-err
- show ap port status
- show ap profile-usage
- show ap provisioning
- show ap provisioning-profile
- show ap radio-database
- show ap radio-summary
- show ap regulatory
- show ap regulatory-domain-profile
- show ap remote counters
- show ap remote debug anul-sta-entries
- show ap remote debug association
- show ap remote debug association
- show ap remote debug association-failure
- show ap remote debug bss-config
- show ap remote debug client-mgmt-counters
- show ap remote debug flash-config
- show ap remote debug mgmt-frames
- show ap snmp
- show ap spectrum ap-list
- show ap spectrum channel-metrics
- show ap spectrum channel-summary
- show ap spectrum client-list
- show ap spectrum debug
- show ap spectrum debug fft
- show ap spectrum debug monitors
- show ap spectrum debug status
- show ap spectrum device-duty-cycle
- show ap spectrum device-history
- show ap spectrum device-list
- show ap spectrum device-log
- show ap spectrum device-summary
- show ap spectrum interference-power
- show ap spectrum-load-balancing
- show ap spectrum local-override
- show ap spectrum monitors
- show ap spectrum technical-support
- show ap standby
- show ap system-profile
- show ap tech-support
- show ap vht-rates
- show ap virtual-beacon-report
- show ap vlan-usage
- show ap wired-ap-profile
- show ap wired-port-profile
- show ap wired stats
- show ap wmm-flow
- show app skype4b call-cdrs
- show app skype4b call-quality
- show app skype4b client-status
- show app skype4b tracebuf
- show app skype4b traffic-control
- show ap-group
- show ap-name
- show arp
- show audit-trail
- show auth-survivability
- show auth-survivability-cache
- show auth-tracebuf
- show banner
- show ble_relay
- show boot
- show branch
- show branch-config-group
- show branch-dhcp-pool
- show branch master-l3redundancy
- show cellular profile
- show clock
- show cluster-config
- show cluster-switches
- show command-mapping
- show configuration
- show controller-ip
- show controller-ipv6
- show control-plane-security
- show country
- show cp-bwcontracts
- show cpuload
- show crypto-local ipsec-map
- show crypto dp
- show crypto dynamic-map
- show crypto ipsec
- show crypto isakmp
- show crypto-local isakmp
- show crypto-local pki
- show crypto map
- show crypto pki
- show database
- show datapath
- show destination
- show dialer group
- show dir (deprecated)
- show dot1x ap-table
- show dot1x ap-table aes
- show dot1x ap-table dynamic-wep
- show dot1x ap-table static-wep
- show dot1x ap-table tkip
- show dot1x counters
- show dot1x supplicant-info
- show dot1x supplicant-info list-all
- show dot1x supplicant-info pmkid
- show dot1x supplicant-info statistics
- show dot1x watermark
- show dpi
- show esi groups
- show esi parser
- show esi ping
- show esi servers
- show faults
- show file syncing profile
- show fips
- show firewall
- show firewall-cp
- show firewall-visibility
- show flush-r1-on-new-r0
- show gap-debug
- show gateway health-check
- show global-user-table count
- show-global-user-table list
- show guest-access-email
- show ha ap
- show ha group
- show ha heartbeat counters
- show ha oversubscription statistics
- show hostname
- show iap detailed-table
- show iap table
- show iap trusted-branch-db
- show ids ap-classification-rule
- show ids ap-rule-matching
- show ids dos-profile
- show ids general-profile
- show ids impersonation-profile
- show ids management-profile
- show ids profile
- show ids rate-thresholds-profile
- show ids signature-matching-profile
- show ids signature-profile
- show ids unauthorized-device-profile
- show ids wms-general-profile
- show ifmap
- show ip interface brief
- show image version
- show interface cellular access-group
- show interface counters
- show interface fastethernet
- show interface gigabitethernet
- show interface loopback
- show interface port-channel
- show interface-profile voip-profile
- show interface tunnel
- show interface vlan
- show inventory
- show iostat
- show ip access-group
- show ip access-list
- show ip cp-redirect-address
- show ip dhcp
- show ip domain-name
- show ip health-check
- show ip igmp
- show ip mobile
- show ip nat pool
- show ip nexthop-list
- show ip ospf
- show ip pppoe-info
- show ip probe
- show ip radius
- show ip-reputation
- show ip route
- show ipc statistics app-ap
- show ipc statistics app-id
- show ipc statistics app-name
- show ipv4 user-table
- show ipv6 dhcp
- show ipv6 firewall
- show ipv6 interface
- show ipv6 mld config
- show ipv6 mld counters
- show ipv6 mld group
- show ipv6 mld interface
- show ipv6 mld proxy-group
- show ipv6 mld proxy-stats
- show ipv6 mld proxy-mobility-group
- show ipv6 mld proxy-mobility-stats
- show ipv6 neighbors
- show ipv6 ra status
- show ipv6 route
- show ipv6 user-table
- show keys
- show lacp
- show lacp sys-id
- show lcd-menu
- show license
- show license aggregate
- show license client-table
- show license debug
- show license heartbeat stats
- show license profile
- show license server-table
- show license server-redundancy
- show license-usage
- show lldp interface
- show lldp neighbor
- show lldp statistics
- show local-cert-mac
- show localip
- show local-userdb
- show local-userdb-ap
- show local-userdb-branch
- show local-userdb-guest
- show local-userdb username
- show local-userdb username
- show localip
- show log all
- show log ap-debug
- show log arm-user-debug
- show log bssid-debug
- show log errorlog
- show log essid-debug
- show log network
- show log security
- show log system
- show log user
- show log user-debug
- show log wireless
- show logging
- show loginsessions
- show mac-address-table
- show master-configpending
- show master-local stats
- show master-redundancy
- show memory
- show mgmt-role
- show mgmt-server
- show mgmt-servers
- show mgmt-users
- show tunneled-node config
- show netdestination
- show netexthdr
- show netservice
- show netstat stats
- show network-printer (deprecated)
- show network-storage (deprecated)
- show ntp trusted-keys
- show ntp peer
- show ntp servers
- show ntp status
- show packet-capture
- show packet-capture-defaults
- show pan active-profile
- show pan-options
- show pan state
- show pan statistics
- show pan-gp
- show pan-options
- show papi kernel-socket-stats
- show papi-security
- show perf-test reports
- show poe
- show port link-event
- show port monitor
- show port stats
- show port status
- show port trusted
- show port xsec
- show priority-map
- show processes
- show profile-errors
- show profile-hierarchy
- show profile-list aaa
- show profile-list ap
- show profile-list app
- show profile-list ap-group
- show profile-list ap-name
- show profile-list ha
- show profile-list ids
- show profile-list mgmt-server
- show profile-list rf
- show profile-list wlan
- show provisioning-ap-list
- show provisioning-params
- show rap-wml
- show references aaa authentication
- show references aaa authentication-server
- show references aaa profile
- show references aaa rfc-3576-server
- show references aaa server-group
- show references activate-service-whitelist
- show references airgroup
- show references ap
- show references app
- show references guest-access-email
- show references ha
- show references ids
- show references ifmap cppm
- show references license profile
- show references mgmt-server profile
- show references papi-security
- show references rf
- show references upgrade-profile
- show references user-role
- show references web-server
- show references wlan
- show rf am-scan-profile
- show rf arm-rf-domain-profile
- show rf arm-profile
- show rf dot11a-radio-profile
- show rf dot11g-radio-profile
- show rf event-thresholds-profile
- show rf ht-radio-profile
- show rf optimization-profile
- show rf spectrum-profile
- show rft profile
- show rft result
- show rft transactions
- show rights
- show roleinfo
- show route-access-list
- show rrm dot11k admission-capacity
- show rrm dot11k ap-channel-report
- show rrm dot11k beacon-report
- show rrm dot11k neighbor-report
- show rrm dot11k transmit-stream-report station-mac
- show running-config
- show session-acl-list
- show slots
- show snmp community
- show snmp inform
- show snmp trap-hosts
- show snmp trap-list
- show snmp trap-queue
- show snmp user-table
- show spanning-tree
- show spantree
- show ssh
- show sso idp-profile
- show startup-config
- show station-table
- show storage
- show switch ip
- show switch software
- show switches
- show switchinfo
- show syscontact
- show syslocation
- show tech-support
- show telnet
- show threshold
- show threshold-limits
- show time-range
- show timer debug statistics app-name
- show tpm cert-info (deprecated)
- show trunk
- show tunnel-group
- show tunneled-node
- show ucc call-info cdrs
- show ucc client-info
- show ucc configuration
- show ucc dns-ip-learning
- show ucc statistics
- show ucc trace-buffer
- show upgrade configuration
- show upgrade status
- show upgrade-profile
- show uplink
- show usb
- show user
- show user-table
- show util_proc
- show valid-network-oui-profile
- show version
- show via
- show vlan
- show vlan-assignment
- show vlan-assignment-auth
- show vlan mapping
- show vlan status
- show vlan summary
- show vlan-bwcontract-explist
- show voice alg-based-cac (deprecated)
- show voice call-cdrs (deprecated)
- show voice call-counters (deprecated)
- show voice call-density (deprecated)
- show voice call-perf (deprecated)
- show voice call-quality (deprecated)
- show voice call-stats (deprecated)
- show voice client-status (deprecated)
- show voice configurations (deprecated)
- show voice dialplan-profile (deprecated)
- show voice facetime
- show voice logging (deprecated)
- show voice msg-stats
- show voice real-time-analysis (deprecated)
- show voice real-time-analysis-config (deprecated)
- show voice rtcp-inactivity (deprecated)
- show voice sip (deprecated)
- show voice sip-midcall-req-timeout (deprecated)
- show voice statistics (deprecated)
- show voice trace
- show voice wificalling
- show vpdn l2tp configuration
- show vpdn pptp configuration
- show vpdn pptp local pool
- show vpn-dialer
- show vrrp
- show web-cc
- show web-server
- show web-proxy
- show whitelist-db cpsec
- show whitelist-db cpsec-local-switch-list
- show whitelist-db cpsec-master-switch-list
- show whitelist-db cpsec-seq
- show whitelist-db cpsec-status
- show whitelist-db rap
- show whitelist-db rap-local-switch-list
- show whitelist-db rap-master-switch-list
- show whitelist-db rap-status
- show wlan anyspot-profile
- show wlan bcn-rpt-req-profile
- show wlan dot11k-profile
- show wlan dot11r-profile
- show wlan edca-parameters-profile
- show wlan handover-trigger-profile
- show wlan hotspot advertisement-profile
- show wlan hotspot anqp-3gpp-nwk-profile
- show wlan hotspot anqp-domain-name-profile
- show wlan hotspot anqp-ip-addr-avail-profile
- show wlan hotspot anqp-nai-realm-profile
- show wlan hotspot anqp-nwk-auth-profile
- show wlan hotspot anqp-roam-cons-profile
- show wlan hotspot anqp-venue-name-profile
- show wlan hotspot hs2-profile
- show wlan hotspot h2qp-conn-capability-profile
- show wlan hotspot h2qp-op-cl-profile
- show wlan hotspot h2qp-operator-friendly-name-profile
- show wlan hotspot h2qp-wan-metrics-profile
- show wlan ht-ssid-profile
- show wlan ssid-profile
- show wlan traffic-management-profile
- show wlan tsm-req-profile
- show wlan virtual-ap
- show wlan voip-cac-profile
- show wlan wmm-traffic-management-profile
- show wms ap
- show wms channel
- show wms client
- show wms counters
- show wms monitor-summary
- show wms probe
- show wms rogue-ap
- show wms routers
- show wms rules
- show wms system
- show wms wired-mac
- show ip interface brief
- shutdown
- snmp-server
- spanning-tree (Global Configuration)
- spanning-tree mode
- spanning-tree (Configuration Interface)
- spanning-tree vlan range (PVST+)
- ssh
- ssh
- sso idp-profile
- stm
- support
- syscontact
- syslocation
- tar
- telnet
- telnet
- threshold
- time-range
- tracepath
- traceroute
- trusted
- tunnel-group
- tunnel-loop-prevention
- tunnel-node-mtu
- tunneled-node-address
- upgrade
- upgrade-profile
- uplink
- usb-printer (deprecated)
- usb reclassify
- user-role
- valid-network-oui-profile
- vlan-bwcontract-explist
- vlan-name
- vlan
- voice alg-based-cac
- voice dialplan-profile
- voice facetime
- voice logging
- voice real-time-config
- voice rtcp-inactivity
- voice sip
- voice sip-midcall-req-timeout
- voice wificalling
- vpdn group l2tp
- vpdn group pptp
- vpn-dialer
- vrrp
- web-cc
- web-proxy server
- web-server profile
- whitelist-db cpsec add
- whitelist-db cpsec delete
- whitelist-db cpsec-local-switch-list
- whitelist-db cpsec-master-switch-list
- whitelist-db cpsec modify
- whitelist-db cpsec purge
- whitelist-db cpsec revoke
- whitelist-db rap add
- whitelist-db rap del
- whitelist-db rap modify
- whitelist-db rap revoke
- whitelist-db rap-local-switch-list
- whitelist-db rap-master-switch-list
- whoami
- wipe
- wlan anyspot-profile
- wlan bcn-rpt-req-profile
- wlan client-wlan-profile
- wlan dot11k-profile
- wlan dot11r-profile
- wlan edca-parameters-profile
- wlan handover-trigger-profile
- wlan hotspot advertisement-profile
- wlan hotspot anqp-3gpp-nwk-profile
- wlan hotspot anqp-domain-name-profile
- wlan hotspot anqp-ip-addr-avail-profile
- wlan hotspot anqp-nai-realm-profile
- wlan hotspot anqp-nwk-auth-profile
- wlan hotspot anqp-roam-cons-profile
- wlan hotspot anqp-venue-name-profile
- wlan hotspot h2qp-conn-capability-profile
- wlan hotspot h2qp-op-cl-profile
- wlan hotspot h2qp-operator-friendly-name-profile
- wlan hotspot h2qp-wan-metrics-profile
- wlan hotspot hs2-profile
- wlan ht-ssid-profile
- wlan rrm-ie-profile
- wlan ssid-profile
- wlan traffic-management-profile
- wlan tsm-req-profile
- wlan virtual-ap
- wlan voip-cac-profile
- wlan wmm-traffic-management-profile
- wms ap
- wms clean-db
- wms client
- wms export-class
- wms export-db
- wms import-db
- wms reinit-db
- write
- Appendix A: Command Modes
287| cluster-root-ip Dell Networking W-Series ArubaOS 6.5.x| Reference Guide
Usage Guidelines
If your network includes multiple master controllers each with their own hierarchy of APs and local controllers,
you can allow APs from one hierarchy to failover to any other hierarchy by defining a cluster of master
controllers. Each cluster will have one master controller as its cluster root, and all other master controllers as
cluster members.
The master controller operating as the cluster root will use the control plane security feature to create a self-
signed certificate, then certify it’s own local controllers and APs. Next, the cluster root will send the certificate to
each cluster member, which in turn certifies their own local controllers and APs. Since all controllers and APs in
the cluster get their certificates from the cluster root, they will all have the same trust anchor, and the APs can
switch to any other controller in the cluster and still remain connected to the secure network. Issue the cluster-
member-ip command on the controller you want to define as the cluster root to select the certificate or define
the IPsec key for secure communication between the cluster root and each cluster member.
Once the cluster root has defined an IPsec key or certificate for all cluster members, you must access each of
the member controllers and issue the command cluster-root-ip to define the IPsec key or certificate for
communication to the cluster root.
For information on installing certificates on your controller, refer to the Management Utilities chapter of the Dell
Networking W-Series ArubaOS User Guide.
Example
The following command defines the IPsec key for communication between the cluster member and the root
controller172.21.45.22:
(host) (config) #cluster-root-ip 172.21.45.22 ipsec ipseckey1
Related Commands
Parameter Description Mode
control-plane-security
Configure the control plane security profile. Config mode
show cluster-config
Show the multi-master cluster configuration for the
control plane security feature.
Enable mode
show cluster-switches
Issue this command on a master controller using
control plane security in a multi-master environment
to show other the other controllers to which it is
connected.
Enable mode
Command History
Release Modification
ArubaOS 5.0 Command introduced.
ArubaOS 6.1 The ipsec-factory-cert and ipsec-custom-cert parameters were
introduced to allow certificate-based authentication of cluster members.