
master-redundancy peer-ip

master-redundancy peer-ip <ipaddr>

ipsec <key>

ipsec-custom-cert peer-mac <mac> ca-cert <ca> server-cert <sc> [suite-b gcm128|gcm256]

ipsec-factory-cert peer-mac <mac>

 

Description

This command configures the IP address and pre-shared key (PSK) or certificate for a redundant Mobility Master on another Mobility Master.

Syntax

| Parameter | Description |
| --- | --- |
| <ipaddr> | IP address of the redundant controller. Use the 0.0.0.0 address to configure a global preshared key for all inter-controller communications. |
| ipsec <key> | To establish the master-master IPsec tunnel using IKEv1 (see RFC 2409), enter a preshared key of 6-64 characters. |
| ipsec-custom-cert | Use a custom-installed certificate on the controller to establish the master-master IPsec tunnel using IKEv2 (see RFC 4306). |
| peer-mac <mac> | The peer MAC address of the certificate on the redundant Mobility Master. |
| ca-cert <ca> | User-defined name of a trusted CA certificate installed on the redundant Mobility Master. Use the show crypto-local pki TrustedCA command to display the CA certificates that have been imported into the controller. |
| server-cert <cert> | User-defined name of a server certificate installed on the redundant Mobility Master. Use the show crypto-local pki ServerCert command to display the server certificates that have been imported into the controller. |
| suite-b | If you configure your Mobility Master to use IKEv2 and custom-installed certificates, you can optionally use Suite-B cryptographic algorithms for IPsec encryption. Specify one of the following options: |
| gcm-128 | Use 128-bit AES-GCM Suite-B encryption. |
| gcm-256 | Use 256-bit AES-GCM Suite-B encryption. |
| ipsec-factory-cert | Use the factory-installed certificate on the Mobility Master to establish a master-local IPsec tunnel using IKEv2 (see RFC 4306). |
| peer-mac <mac> | The MAC address of the certificate on the redundant Mobility Master. |

Usage Guidelines

Use this command on a Mobility Master to configure the IP address and preshared key or certificates for communication with a redundant Mobility Master.

If your Mobility Master uses a pre-shared key for authentication, it will create the IPsec tunnel using IKEv1. If your Mobility Master and managed devices use certificates for authentication, the IPsec tunnel will be created using IKEv2.
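When reviewing saved configurations, the rules stated on this page (a preshared key means IKEv1, a certificate means IKEv2, keys are 6-64 characters, 0.0.0.0 sets a global key) can be checked mechanically. The following is an added example, not Aruba code: the function name `audit_peer_ip`, its result fields and the sample lines are constructed for illustration, and it accepts both spellings of the Suite-B option because this page writes both.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
# The page spells the Suite-B option both ways, so both are accepted here.
SUITE_B = {"gcm128", "gcm256", "gcm-128", "gcm-256"}

def audit_peer_ip(line):
    """Classify one 'master-redundancy peer-ip' line and list rule violations."""
    tok = line.split()
    out = {"peer": None, "auth": None, "ike": None,
           "global_psk": False, "suite_b": None, "errors": []}
    if tok[:2] != ["master-redundancy", "peer-ip"] or len(tok) < 4:
        out["errors"].append("not a master-redundancy peer-ip line")
        return out
    out["peer"] = tok[2]
    try:
        ipaddress.ip_address(tok[2])
    except ValueError:
        out["errors"].append("invalid IP address")
    mode, args = tok[3], tok[4:]
    if mode == "ipsec":  # preshared key -> IKEv1
        out["auth"], out["ike"] = "psk", "IKEv1"
        out["global_psk"] = tok[2] == "0.0.0.0"  # key for all inter-controller traffic
        if len(args) != 1 or not 6 <= len(args[0]) <= 64:
            out["errors"].append("preshared key must be 6-64 characters")
    elif mode in ("ipsec-custom-cert", "ipsec-factory-cert"):  # -> IKEv2
        out["auth"], out["ike"] = mode[len("ipsec-"):], "IKEv2"
        if len(args) < 2 or args[0] != "peer-mac" or not MAC_RE.match(args[1]):
            out["errors"].append("peer-mac <mac> missing or malformed")
        rest = args[2:]
        if mode == "ipsec-custom-cert":
            if len(rest) < 4 or rest[0] != "ca-cert" or rest[2] != "server-cert":
                out["errors"].append("ca-cert <ca> server-cert <sc> required")
            rest = rest[4:]
            if len(rest) == 2 and rest[0] == "suite-b" and rest[1] in SUITE_B:
                out["suite_b"], rest = rest[1], []  # needs Advanced Cryptography license
        if rest:
            out["errors"].append("unexpected trailing arguments")
    else:
        out["errors"].append("unknown authentication mode: " + mode)
    return out

# Constructed sample lines (addresses, names and key are illustrative only).
SAMPLE = [
    "master-redundancy peer-ip 0.0.0.0 ipsec example-key-123",
    "master-redundancy peer-ip 10.4.62.5 ipsec abc",
    "master-redundancy peer-ip 10.4.62.5 ipsec-custom-cert peer-mac 00:02:2D:11:55:4D ca-cert cacert1 server-cert server1 suite-b gcm-256",
    "master-redundancy peer-ip 10.4.62.5 ipsec-factory-cert peer-mac 00:02:2D",
]
```

The `global_psk` and `ike` fields let a reviewer list which peers still authenticate with a shared key over IKEv1 and which use certificates over IKEv2.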

Example

The following command configures the managed device on a Mobility Master:

(host) [mynode] (config) #peer-ip 10.4.62.5 ipsec-custom-cert master-mac 00:02:2D:11:55:4D ca-cert cacert1 server-cert server1

Command History

| Release | Modification |
| --- | --- |
| ArubaOS 8.0.0.0 | Command introduced. |

Command Information

| Platform | License | Command Mode |
| --- | --- | --- |
| All platforms | The suite-b gcm-128 and suite-b gcm-256 encryption options for IPsec custom certificates require the Advanced Cryptography license. All other parameters are available in the base operating system. | Config mode on Mobility Master. |
