ArubaOS and Controllers

New Contributor
Posts: 3
Registered: ‎03-09-2010

Local Controller IPSec Keys

I have an Aruba 6000 Controller set up as a master and I am working with the IPSec Keys (Configuration -> Network -> Controller -> System Settings). I am doing a cleanup after a co-worker configured it.

The error I am getting is: PSK for 0.0.0.0 is not secure {Please change configuration line "localip 0.0.0.0 ipsec" psk key to a more secure value than the default value}

I have tried deleting the 0.0.0.0 from the Web interface; it states 'changes applied' but the 0.0.0.0 just shows back up. I also have tried using the command line interface with the following commands:

configure t
no localip 0.0.0.0 ipsec
or
configure t
no localip 0.0.0.0

I receive an invalid input error.

Any ideas on how I can clear out this un-secure key that was entered in error?

Thanks!
Guru Elite
Posts: 20,553
Registered: ‎03-29-2007

Change the key

Networktechie,

If you only have a single master controller and no locals, you can just change the IPSEC key to anything else, not remove it. You see that message because the IPSEC key is the default and Aruba wants you to change it from that.

If you have a local controller, this is more complicated, because you will have to change the key on the master AND the local at the same time, and this will require the local controller to reboot. You will have to schedule downtime to do this.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 3
Registered: ‎03-09-2010

1 Master, 3 Local

The way it is set up is 2 Masters (Master, Backup to Master), with 3 Locals (Local 1, Local 2, Backup to Local 1). The Master has 4 Local IPsec entries, 1 for each local and then the 1 0.0.0.0 entry.

Since there is no local corresponding to this 0.0.0.0 I tried to just change it to an unused address and hit apply; again it said 'changes applied' but it just changed back to the 0.0.0.0.

Is there a real security risk from having this 0.0.0.0 on the controller or can I just ignore this error as a nuisance?
Guru Elite
Posts: 20,553
Registered: ‎03-29-2007

Ignore

You can ignore for now. Since you have locals, you would have to change the master and the locals to the same key, which would force a reboot on the locals. Consider changing this at your next maintenance window.


Colin Joseph
Aruba Customer Engineering


New Contributor
Posts: 3
Registered: ‎03-09-2010

Thanks

Thanks for the help!
Occasional Contributor II
Posts: 12
Registered: ‎07-13-2010

follow-on question

I hope I'm able to revive this thread with a quick question....

Is there a way to determine the cleartext IPSEC key from enable-mode on the controllers? I want to change the masterip, however it looks like I need to re-enter the IPSec key which has somehow disappeared from any/all documentation ;)

TIA
Eric
Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: Local Controller IPSec Keys

Eric,

From the CLI, go into enable mode and type "encrypt disable". This will unencrypt passwords and other non-hashed data from the config. You should then be able to see the key from "show running-config". To re-enable encryption, just exit the session (this is a per-session command) or type "encrypt enable".
Occasional Contributor II
Posts: 12
Registered: ‎07-13-2010

Re: Local Controller IPSec Keys

Thanks very much... it worked perfectly
Aruba Employee
Posts: 41
Registered: ‎04-02-2007

follow-on question

Use "encrypt disable".