
cluster-member-custom-cert

cluster-member-custom-cert member-mac <mac> ca-cert <ca> server-cert <cert> [suite-b <gcm-128 | gcm-256>]

Description

This command sets the managed device as a CPsec (Control Plane Security) cluster root, and specifies a custom user-installed certificate for authenticating cluster members. CPsec is a secure form of communication between a controller and APs that protects the control plane communications. It uses public-key self-signed certificates created by each master controller.

Syntax

Parameter

Description

member-mac <mac>

MAC (Media Access Control) address of the cluster member. A MAC address is a unique identifier assigned to network interfaces for communications on a network.

ca-cert <ca>

Name of the CA (Certificate Authority) certificate uploaded via the WebUI. A CA is the entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key.

server-cert <cert>

Name of the server certificate uploaded via the WebUI.

suite-b

To use Suite-B encryption in the secure communication between the cluster root and cluster member, specify one of the following Suite-B algorithms:

gcm-128: Encryption using 128-bit AES-GCM. AES (Advanced Encryption Standard) is an encryption standard used for encrypting and protecting electronic data. AES encrypts and decrypts data in blocks of 128 bits (16 bytes), and can use keys of 128 bits, 192 bits, and 256 bits.

gcm-256: Encryption using 256-bit AES-GCM.

Usage Guidelines

If your network includes multiple Mobility Masters, each with its own hierarchy of APs and managed devices, you can allow APs from one hierarchy to fail over to any other hierarchy by defining a cluster of Mobility Masters. Each cluster will have one Mobility Master as its cluster root, and all other managed devices as cluster members.

To define a managed device as a cluster root, issue one of the following commands on that managed device:

cluster-member-custom-cert: Define the Mobility Master as a cluster root, and select a user-installed certificate to authenticate that cluster member.

cluster-member-factory-cert: Define the Mobility Master as a cluster root, and select a factory-installed certificate to authenticate that cluster member.

cluster-member-ip: Define the Mobility Master as a cluster root, and set the IPsec (Internet Protocol security) key to authenticate that cluster member. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session.

For information on installing certificates on your controller, refer to Managing Certificates.

Example

The following example selects a customer-installed certificate for cluster member authentication.

(host)(config) # cluster-member-custom-cert member-mac 00:1E:37:CB:D4:52 ca-cert cacert1 server-cert servercert1
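
The following audit script is an added example, not part of the original command reference or of ArubaOS. It parses cluster-member-custom-cert lines from a saved configuration using the syntax documented above and reports malformed MAC addresses, suite-b values other than gcm-128 and gcm-256, members defined more than once, and members configured without the optional suite-b clause. The sample configuration, the audit function name and the duplicate-member check are assumptions of this example.

```python
import re

# Grammar taken from the syntax line on this page; the suite-b clause is optional.
LINE_RE = re.compile(
    r"^cluster-member-custom-cert\s+member-mac\s+(?P<mac>\S+)"
    r"\s+ca-cert\s+(?P<ca>\S+)\s+server-cert\s+(?P<cert>\S+)"
    r"(?:\s+suite-b\s+(?P<suite>\S+))?\s*$"
)
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
SUITE_B = {"gcm-128", "gcm-256"}

# Constructed sample input, not output from a real device.
SAMPLE_CONFIG = """\
cluster-member-custom-cert member-mac 00:1E:37:CB:D4:52 ca-cert cacert1 server-cert servercert1
cluster-member-custom-cert member-mac 00:1e:37:cb:d4:60 ca-cert cacert1 server-cert servercert2 suite-b gcm-256
cluster-member-custom-cert member-mac 00:1E:37:CB:D4:52 ca-cert cacert2 server-cert servercert3 suite-b gcm-128
cluster-member-custom-cert member-mac 00:1E:37:CB:D4 ca-cert cacert1 server-cert servercert4
cluster-member-custom-cert member-mac 00:1E:37:CB:D4:61 ca-cert cacert1 server-cert servercert5 suite-b gcm-192
"""

def audit(config_text):
    """Return (members, findings) for every cluster-member-custom-cert line."""
    members, findings, seen = [], [], {}
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("cluster-member-custom-cert"):
            continue
        m = LINE_RE.match(line)
        if not m:
            findings.append((lineno, "does not match the documented syntax"))
            continue
        mac, suite = m["mac"].upper(), m["suite"]
        if not MAC_RE.match(mac):
            findings.append((lineno, f"malformed member-mac {m['mac']}"))
            continue
        if suite is not None and suite not in SUITE_B:
            findings.append((lineno, f"unknown suite-b value {suite}"))
            continue
        if mac in seen:  # same member configured twice (check assumed by this example)
            findings.append((lineno, f"member-mac {mac} already defined on line {seen[mac]}"))
        seen.setdefault(mac, lineno)
        members.append({"mac": mac, "ca": m["ca"], "cert": m["cert"], "suite_b": suite})
        if suite is None:
            findings.append((lineno, f"{mac} has no suite-b clause"))
    return members, findings

if __name__ == "__main__":
    for lineno, msg in audit(SAMPLE_CONFIG)[1]:
        print(f"line {lineno}: {msg}")
```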

Related Commands

Parameter

Description

control-plane-security

Configure the CPsec profile.

show cluster-config

Show the multi-master cluster configuration for the CPsec feature.

show cluster-switches

Issue this command on a Mobility Master using CPsec in a multi-master environment to show other managed devices to which it is connected.

Command History

Release: ArubaOS 8.0.0.0

Modification: Command introduced.

Command Information

Platforms: All platforms

Licensing: Base operating system.

Command Mode: Config mode on managed devices.
