
masteripv6

masteripv6 <masteripv6_val>

ipsec <key> [fqdn <fqdn>][interface uplink|vlan <id>] masterip4 <masterip4_val> ]

ipsec-custom-cert master-mac-1-c <mac-1-c> [master-mac2 <mac2>] ca-cert <ca> server-cert <cert> [interface uplink|{vlan <id>}] [fqdn <fqdn>] [suite-b gcm-128|gcm-256]

ipsec-factory-cert master-mac-1 <MAC> [master-mac2 <mac2>] [interface uplink|{vlan <id>}] [fqdn <fqdn>]

 

Description

This command configures the IPv6 address and preshared key or certificate for the Mobility Master or a managed device.

Syntax

Parameter

Description

<ipaddr>

IP address of the Mobility Master.

ipsec <key>

To establish the IPsec tunnel using IKEv1, enter a preshared key between 6 and 64 characters.

ipsec-custom-cert

Use a custom-installed certificate on the Mobility Master to establish an IPsec tunnel using IKEv2.

master-mac1 <mac1>

The MAC address of the certificate on the Mobility Master.

master-mac2 <mac2>

(Optional) The MAC address of the certificate on the backup Mobility Master.

ca-cert <ca>

User-defined name of a trusted CA certificate installed on the Mobility Master. Use the show crypto-local pki TrustedCA command to display the CA certificates that have been imported into the Mobility Master.

server-cert <cert>

User-defined name of a server certificate installed on the Mobility Master. Use the show crypto-local pki ServerCert command to display the server certificates that have been imported into the Mobility Master.

interface

Specify the uplink or VLAN interface on the Mobility Master to initiate IKE.

   uplink

Use the Mobility Master’s current active uplink to initiate IKE.

   vlan <id>

Specify a VLAN interface on the Mobility Master to initiate IKE. If you do not specify a VLAN, the Mobility Master IP will be used.

fqdn <fqdn>

Identify a dynamically addressed managed device by entering the FQDN of the Mobility Master.

suite-b

If you configure your master and managed devices to use IKEv2 and custom-installed certificates, you can optionally use Suite-B cryptographic algorithms for IPsec encryption. Specify one of the following options:

gcm-128: Use 128-bit AES-GCM Suite-B encryption

gcm-256: Use 256-bit AES-GCM Suite-B encryption

ipsec-factory-cert

Use the factory-installed certificate on the Mobility Master to establish a master-local IPsec tunnel using IKEv2.

master-mac1 <mac1>

The MAC address of the certificate on the Master.

master-mac2 <mac2>

(Optional) The MAC address of the certificate on the backup Mobility Master.

interface

Specify the uplink or VLAN interface on the Mobility Master to initiate IKE.

   uplink

Use the Mobility Master’s current active uplink to initiate IKE.

   vlan <id>

Specify a VLAN interface on the Mobility Master to initiate IKE. If you do not specify a VLAN, the managed device IP will be used.

fqdn <fqdn>

Identify a dynamically addressed managed device by entering the FQDN of the managed device.

Usage Guidelines

Use this command on a managed device to configure the IP address and preshared key or certificate for secure communication with the Mobility Master. On the Mobility Master, use the localip command to configure the IP address and pre-shared key or certificate for a managed device.

 

Changing the IP address of the master on a managed device requires a reboot of the managed device.

If your Mobility Master and managed devices use a pre-shared key for authentication, they will create the IPsec tunnel using IKEv1. If your Mobility Master and managed devices use certificates for authentication, the IPsec tunnel will be created using IKEv2.

Example

The following command configures the Mobility Master with a pre-shared key:

(host) [00:0b:86:dd:87:00] (config) #masteripv6 2001::1 ipsec Aruba@123 masteripv4 10.20.1.1
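The rules stated on this page (a preshared key selects IKEv1 and must be 6 to 64 characters, certificates select IKEv2, and suite-b applies to custom certificates and needs the ACR license) can be checked against saved configuration lines. The Python script below is an added example, not ArubaOS code; the function name audit_masteripv6 and the constructed sample lines are assumptions.

```python
# Added example: audits masteripv6 lines using only the rules stated on this page.
# Authentication keyword -> IKE version, per the Usage Guidelines.
IKE_VERSION = {
    "ipsec": "IKEv1",
    "ipsec-custom-cert": "IKEv2",
    "ipsec-factory-cert": "IKEv2",
}

def audit_masteripv6(line):
    """Return (ike_version, findings) for one masteripv6 configuration line."""
    start = line.find("masteripv6 ")          # skip any CLI prompt before the command
    if start < 0:
        raise ValueError("not a masteripv6 line")
    tokens = line[start:].split()
    if len(tokens) < 3 or tokens[2] not in IKE_VERSION:
        raise ValueError("missing or unknown authentication keyword")
    mode, findings = tokens[2], []
    options = tokens[3:]
    if mode == "ipsec":
        key = tokens[3] if len(tokens) > 3 else ""
        options = tokens[4:]                  # the key itself is not an option keyword
        if not 6 <= len(key) <= 64:
            findings.append("preshared key must be 6-64 characters")
    if "suite-b" in options:
        pos = options.index("suite-b")
        alg = options[pos + 1] if pos + 1 < len(options) else ""
        if mode != "ipsec-custom-cert":
            findings.append("suite-b is documented only for ipsec-custom-cert")
        elif alg not in ("gcm-128", "gcm-256"):
            findings.append("suite-b takes gcm-128 or gcm-256")
        else:
            findings.append("suite-b " + alg + " requires the ACR license")
    return IKE_VERSION[mode], findings

# Sample lines: the first is the example from this page; the others are constructed.
SAMPLES = [
    "(host) [00:0b:86:dd:87:00] (config) #masteripv6 2001::1 ipsec Aruba@123 masteripv4 10.20.1.1",
    "masteripv6 2001:db8::1 ipsec abc12 masteripv4 192.0.2.1",
    "masteripv6 2001:db8::1 ipsec-custom-cert master-mac1 00:00:5e:00:53:01 "
    "ca-cert ExampleCA server-cert ExampleCert suite-b gcm-256",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_masteripv6(sample))
```

The IKE version in each result identifies which managed devices still authenticate to the Mobility Master with a preshared key rather than a certificate.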

Command History

Release: ArubaOS 8.0.0.0

Modification: Command introduced.

Command Information

Platforms: All platforms

License: The suite-b gcm-128 and suite-b gcm-256 encryption options for IPsec custom certificates require the Advanced Cryptography (ACR) license. All other parameters are available in the base operating system.

Command Mode: Available in the config mode on Mobility Master.
