You are here: Home > CLI Commands > Just_CLI_Topics > local-factory-cert

local-factory-cert

local-factory-cert local-mac <lmac> [load-balance]

Description

This command configures the factory-installed certificate for communication between a managed device and a Mobility Master.

Syntax

Parameter

Description

<lmac>

MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address of the managed device with a local certificate.

Usage Guidelines

Use this command on a Mobility Master to configure the factory certificate for communication with a managed device. On the managed device, use the masterip command to configure the IP address and certificates for the Mobility Master. If your Mobility Master and managed devices use certificates for authentication, the IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. tunnel will be created using IKEv2Internet Key Exchange version 2. IKEv2 uses the secure channel established in Phase 1 to negotiate Security Associations on behalf of services such as IPsec. IKEv2 uses pre-shared key and Digital Signature for authentication. See RFC 4306. .

When a managed device communicates with Mobility Master to set up IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. tunnels, the uplink vlanVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. tag configured via the uplink command will be sent along in vendor-id payload during IKEInternet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard. negotiation. This will uniquely bind the tunnel from a particular uplink on the managed device to a corresponding map on Mobility Master.

Example

The following command configures the managed device with a factory-installed certificate:

(host)[node](config) #local-factory-cert local-mac 00:16:CF:AF:3E:E1

Related Commands

Command

Description

show local-cert-mac

Display the IP, MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address and certificate configuration of managed device.

Command History

Release

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

Available on all platforms

Available in the base operating system.

Config mode on Mobility Master.

/*]]>*/