cluster-root-ip

cluster-root-ip <ip-address>

ipsec <key>

ipsec-custom-cert root-mac1 <mac1> [root-mac2 <mac2>] ca-cert <ca> server-cert <cert> [suite-b <gcm-128 | gcm-256>]

ipsec-factory-cert root-mac-1 <mac> [root-mac-1 <mac>]

Description

This command sets the Mobility Master as a CPsec (Control Plane Security) cluster member, and defines the IPsec key or certificate for secure communication between the cluster member and the Mobility Master’s cluster root.

Syntax

Parameter

Description

<ip-address>

The IP address of the CPsec cluster root Mobility Master. To set a single IPsec key for all member managed devices in the cluster, use the IP address 0.0.0.0.

ipsec <key>

Set the value of the IPsec PSK (pre-shared key) for communication with the cluster root. This parameter must have the same value as the IPsec key defined for the cluster member via the cluster-member-ip command.

ipsec-factory-cert

Use a factory-installed certificate for secure communication between the cluster root and the specified cluster member by specifying the MAC address of the certificate.

root-mac-1 <mac>

Specify the MAC address of the cluster root.

ipsec-custom-cert

Use a custom user-installed certificate for secure communication between the cluster root and the specified cluster member.

root-mac-1 <mac>

Specify the MAC address of the cluster-root’s certificate.

root-mac-2 <mac>

(Optional) If your network has multiple Mobility Masters, use this parameter to specify the MAC address of the redundant cluster-root’s certificate.

ca-cert <ca>

Name of the CA certificate uploaded via the WebUI.

server-cert <cert>

Name of the server certificate uploaded via the WebUI.

suite-b

To use Suite-B encryption in the secure communication between the cluster root and cluster member, specify one of the following Suite-B algorithms:

gcm-128: Encryption using 128-bit AES-GCM

gcm-256: Encryption using 256-bit AES-GCM

Example

The following command defines the IPsec key for communication between the cluster member and the root managed device 172.21.45.22:

(host) [MyNode] (config) #cluster-root-ip 172.21.45.22 ipsec ipseckey1
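
An added example, not part of the Aruba documentation: a Python check that classifies cluster-root-ip lines from a saved configuration by authentication mode and flags the conditions this page describes (the 0.0.0.0 shared key, missing certificate names, invalid suite-b values). The sample lines, MAC addresses, certificate names and the colon-separated MAC notation are assumptions.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")  # assumed MAC notation
SUITE_B = {"gcm-128", "gcm-256"}  # the two values listed on this page
def audit_line(line):
    """Return (root_ip, mode, notes) for a cluster-root-ip line, else None. The PSK is never returned."""
    tok = line.partition("cluster-root-ip")[2].split()  # drops any CLI prompt prefix
    if len(tok) < 2:
        return None
    ip, mode, rest = tok[0], tok[1], tok[2:]
    notes = []
    try:
        ipaddress.IPv4Address(ip)
    except ValueError:
        notes.append("invalid root IP address")
    if mode == "ipsec":
        if len(rest) != 1:
            notes.append("expected exactly one PSK value")
        if ip == "0.0.0.0":
            notes.append("0.0.0.0: one PSK applies to every cluster member")
        return ip, "psk", notes
    if mode not in ("ipsec-factory-cert", "ipsec-custom-cert"):
        return ip, "unknown", notes + ["unrecognised keyword " + mode]
    if len(rest) % 2:
        notes.append("keyword without a value")
    opts = list(zip(rest[0::2], rest[1::2]))  # keyword/value pairs
    macs = [v for k, v in opts if k.startswith("root-mac")]
    if not macs:
        notes.append("missing root MAC address")
    notes += ["malformed MAC " + m for m in macs if not MAC_RE.match(m)]
    if mode == "ipsec-custom-cert":
        named = dict(opts)
        notes += ["missing " + k for k in ("ca-cert", "server-cert") if k not in named]
        suite = named.get("suite-b")
        if suite not in SUITE_B:
            notes.append("suite-b not set" if suite is None else "unknown suite-b value " + suite)
    return ip, mode.replace("ipsec-", ""), notes

# Constructed sample lines (MACs and certificate names are made up).
SAMPLE = """\
(host) [MyNode] (config) #cluster-root-ip 172.21.45.22 ipsec ipseckey1
cluster-root-ip 0.0.0.0 ipsec sharedkey
cluster-root-ip 172.21.45.22 ipsec-custom-cert root-mac1 00:1a:1e:00:00:01 ca-cert myCA server-cert myCert suite-b gcm-256
cluster-root-ip 172.21.45.22 ipsec-custom-cert root-mac1 00:1a:1e:0:0:1 ca-cert myCA
"""

def audit(text):
    return [r for r in map(audit_line, text.splitlines()) if r]
```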

Related Commands

Parameter

Description

control-plane-security

Configure the CPsec profile.

show cluster-config

Show the multi-master cluster configuration for the CPsec feature.

show cluster-switches

Issue this command on a Mobility Master using CPsec in a multi-master environment to show other managed devices to which it is connected.

Command History

Release: ArubaOS 8.0.0.0

Modification: Command introduced.

Command Information

Platforms: All platforms

License: Base operating system.

Command Mode: Config mode on managed devices.
