Dell W-Series 334 Instant 6.5.1.0-4.3.1.0 User Guide - Page 304
Cluster Security, Overview
Chapter 24
Cluster Security

This chapter describes cluster security and the procedure for configuring cluster security DTLS for secure communication. It includes the following topics:
- Overview on page 304
- Enabling Cluster Security on page 305
- Cluster Security Debugging Logs on page 305
- on page 306

Overview

Cluster security is a communication protocol that secures control plane messages between Instant access points. Control plane messages such as configuration, cluster join, and other messages distributed between the devices in a cluster are secured using this protocol. Cluster security operates on UDP port 4434 and uses the DTLS protocol to secure messages.

Cluster Security Using DTLS

Cluster security provides secure communication using Datagram Transport Layer Security (DTLS). A DTLS connection is established between the W-IAPs communicating with each other in the cluster. Following are some of the advantages of using DTLS for cluster security:
- Mutual authentication is done between the W-IAPs in a cluster using the device certificate.
- Peer MAC address validation against the AP whitelist can be enabled in the configuration.
- Control plane messages between cluster members are transmitted securely using the established DTLS connection.

If auto-join is enabled, backward compatibility and recovery of W-IAPs is allowed on ARUBA UDP port 8211. Messages required for image synchronization and cluster security DTLS state synchronization are the only messages allowed.

If auto-join is disabled, the MAC address of a peer W-IAP is verified against the AP whitelist during device certificate validation.

Locked Mode Slave W-IAP

A slave W-IAP with a non-factory default configuration is considered to be in locked mode of operation. These slave W-IAPs will not be able to join the existing non-DTLS cluster, as backward compatibility and recovery is not allowed.
To recover the slave W-IAPs in locked mode:
- Execute the disable-cluster-security-dtls action command on the slave W-IAP, or
- Factory reset the slave W-IAP.
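To check from a packet capture that cluster traffic matches the behaviour described above, the following added example (not part of the Dell guide or of Instant itself) parses the standard 13-byte DTLS record header on UDP port 4434 and labels traffic on UDP port 8211 according to the auto-join setting. The function names, labels and sample datagrams are constructed for illustration, and treating port 8211 traffic as unexpected when auto-join is disabled is this example's reading of the text.

```python
import struct

CLUSTER_DTLS_PORT = 4434   # cluster security (DTLS) port named in the guide
LEGACY_PORT = 8211         # backward-compatibility and recovery port named in the guide
DTLS_VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def parse_dtls_record(payload):
    """Parse the 13-byte DTLS record header; return None if it is not DTLS."""
    if len(payload) < 13:
        return None
    ctype, version, epoch, seq_hi, seq_lo, length = struct.unpack(
        "!BHHHIH", payload[:13])
    if ctype not in CONTENT_TYPES or version not in DTLS_VERSIONS:
        return None
    if length > len(payload) - 13:      # record body must fit in the datagram
        return None
    return {"type": CONTENT_TYPES[ctype], "version": DTLS_VERSIONS[version],
            "epoch": epoch, "seq": (seq_hi << 32) | seq_lo}

def classify(dst_port, payload, auto_join_enabled):
    """Label one UDP datagram exchanged between cluster members."""
    if dst_port == CLUSTER_DTLS_PORT:
        return "dtls" if parse_dtls_record(payload) else "not-dtls-on-4434"
    if dst_port == LEGACY_PORT:
        # Assumption: with auto-join disabled, 8211 traffic is unexpected.
        return "legacy-allowed" if auto_join_enabled else "legacy-unexpected"
    return "other"

def dtls_record(ctype, epoch, seq, body, version=0xFEFD):
    """Build a constructed DTLS record for the sample data below."""
    return struct.pack("!BHHHIH", ctype, version, epoch,
                       seq >> 32, seq & 0xFFFFFFFF, len(body)) + body

# Constructed sample datagrams: (destination UDP port, payload)
SAMPLES = [
    (4434, dtls_record(22, 0, 0, b"\x01" * 12)),   # handshake, epoch 0
    (4434, dtls_record(23, 1, 7, b"\x00" * 32)),   # encrypted application data
    (4434, b"cluster-join cleartext message"),     # not a DTLS record
    (8211, b"image-sync"),                         # legacy port
]

def audit(samples, auto_join_enabled):
    return [classify(port, data, auto_join_enabled) for port, data in samples]

if __name__ == "__main__":
    for enabled in (True, False):
        print("auto-join", enabled, audit(SAMPLES, enabled))
```

A "not-dtls-on-4434" or "legacy-unexpected" label points to a cluster member that is not using cluster security DTLS as configured and is worth investigating.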