Dell 6.2 Working in Enviro nments with Multiple Mas ter Controllers

90| Contr ol Plane Security DellPowerConnect W- Series ArubaOS 6.2 | User Guide

Therei s no need to purge a master switch whitelist duringthe co urseo f normaloperation. I f,however, you are

removinga controllerfrom the network, you can purge its switch whitelist after it has been disconnected from the

network.To clear a local switch whitelist entry on a master controller that is still connected to t henetwo rk,select

that individual whitelist entry and delete it using the delete optio n.

To purgea sw itch whitelist via the WebUI, use the following procedure:

1. A ccess the controller’sWebUI, and navigate to Configuration>Controller.

2. Select the Contr ol Plane Security tab.

3. To clear the Local Switch Whitelist: In the Local Switch List For AP Whitelist Sync sect ion, click Purge.

Or,

4. To clear the Master Switch Whitelist: In the Master Switch List For AP Whitelist Syn c section, click Purge.

To purgea sw itch whitelist via the command-line interface,issue the following commands:

whitelist-db cpsec-master-switch-list purge

whitelist-db cpsec-local-switch-list purge

Working in Enviro nments with Multiple Mas ter Controllers

If your network includes a redundantbackup master controller, you

after allAP s are communicating with their Dell controllers over a secure

channel.This ensures that all certificates, IP sec keys and campus AP whitelist entries are synchronizedt o the backup

controller.You should also synchronize the database any time the campus AP whitelist changes (APs are added or

removedt o ensurethat the backup controller has the latest settings.

Master and backupD ellcontrollers can be synchronized using either of the following methods.

lManual Synchronization: Issue the database synchronize CLI co mmandin enable mode to manually

synchronize databases from your primaryc ontrollerto t he backupco ntroller.

lAutomatic Synchronization: Schedule automatic database backups using the database synchronize period CLI

commandi n config mode.

WARNING:If you add a new backup controller to an existing controller, the backup controller must be added as the lower

prioritycontroller. Ifthe backup controller is not added as a lower priori tycontroller, yourcontrol plane security keys and certificates

maybe l ost.If you want the new backup controller to become your primary controller, increase the priority of that controller to a

primary controller

after

youhave synchronized your data.

If your network includesmultiple master Dell controllers each with their own hierarchy of APs and local Dell

controllers,you can allow APs from one hierarchyt o failoverto any other hierarchy by defining a

of master

Dell controllers.Each cluster has one master controller as its cluster root, and all other master Dell controllersas

clustermembers. The master controller operating as the cluster root creates a self-signed certificate, then certify it ’s

own local Dell controllersand AP s. Next, the cluster root sends a certificate to each cluster member, which in turn

certifies their own local Dell controllers and APs. Since all Dell controllers andA Ps in the cluster have the same trust

anchor,the AP s can switch to any other controlleri nt hecluster and still remain securely connected to the network.