Dell 6.2 Replacing a Master Controllerwith No Backup, Replacing a Redundant Master Controller

window, select the entry for the local controller you want to delete from the local switch whitelist, and click Delete.

4.Install the new local controller, but do not connect it to the network yet. If the controller has been previously installed on the network, you must ensure that the new local controller has a clean whitelist.

5.Access the command-line interface on the new local controller and issue the command whitelist-db cpsec purge

Or,

Access the local controller WebUI, navigate to Configuration>AP Installation>Campus AP Whitelist and click Purge.

6.Now, connect the new local controller to the network. It is very important that the local controller is able to contact the master controller the first time it is connected to the network, because the local controllertries to get its control plane security certificate certified by the master controller the first time the local controller contacts its master.

7.Once the local controller has a valid control plane security certificate and configuration, the local controller receives the campus AP whitelist from the master controller and starts certifying approved APs.

8.APs associated with the new local controller reboots and creates new IPsec tunnels to their controller using the new certificate keys

Replacing a Master Controllerwith No Backup

Use the following procedure to replace a master controller that does not have a backup controller.

1.Remove the old master controller from the network.

2.Install and configure the new master controller, then connect the new master to the network. The new master controller generates a new certificate when it first becomes active

3.If the new master controller has a different IP address than the old master controller, change the master IP address on the local Dell controllers to reflect the address of the new master.

4.Reboot each local controller to ensure that the local Dell controllers get their certificate from the new master. Each local controllerbegins using a new certificate signed by the master controller.

5.APs are now no longer be able to securely communicate with the controller using their current key, and must receive a new certificate. Access the campus AP whitelist on any local controller and change all APs in a “certified” state to an “approved” state. The new master controller sends the approved APs new certificates. The APs reboot and create new IPsec tunnels to their controller using the new certificate key.

If the master controller does not have any local Dell controllers, you must recreate the campus AP whitelist by turning on automatic certificate provisioning or manually reentering the campus AP whitelist entries.

Replacing a Redundant Master Controller

The control plane security feature requires you to synchronize databases from the primary master controller to the backup master controller at least once after the network is up at running. This ensures that all certificates, keys and whitelist entries are synchronized to the backup controller. Since the AP whitelist may change periodically, the network administrator should regularly synchronize these settings to the backup controller. For details, see "Configuring Networks with a Backup Master Controller" on page 90

When you install a new backup master controller, you must add it as a lower priority controller than the existing primary controller. After you install the backup controller on the network, synchronize the database from the existing primary controller to the new backup controller to ensure that all certificates, keys and whitelist entries required for control plane security are added to the new backup controller configuration. If you want the new controller to act as the primary controller, you can increase that controller’s priority after the settings have been synchronized.