Factory-installed certificate for communication between a managed device and a Mobility Master

MVP Expert
MVP Expert
Q:

How to configures the factory-installed certificate for communication between a managed device and a Mobility Master.



A:

By using the below command on a Mobility Master to configure the factory certificate for communication with a managed device. On the managed device, use the masterip command to configure the IP address and certificates for the Mobility Master. If your Mobility Master and managed devices use certificates for authentication, the IPsec tunnel will be created using IKEv2.


When a managed device communicates with Mobility Master to set up IPsec tunnels, the uplink vlan tag configured via the uplink command will be sent along in vendor-id payload during IKE negotiation. This will uniquely bind the tunnel from a particular uplink on the managed device to a corresponding map on Mobility Master.

local-factory-cert local-mac <lmac> [load-balance]

 

Example:


The following command configures the managed device with a factory-installed certificate:
(host)[node](config) #local-factory-cert local-mac 00:16:CF:AF:3E:E1

The output of this command shows that two managed devices have a custom certificate installed.

(host)[node] # show local-cert-mac
Local Switches configured by Local Certificate
-----------------------------------------------
Switch IP of the Local MAC address of the Local Cert-Type CA cert
---------------------- ------------------------ --------- -------
10.4.62.3 0B:86:F0:12:AC:15 Custom CAcert
10.4.62.5 00:0B:86:F0:05:60 Custom Undefined

Version history
Revision #:
2 of 2
Last update:
‎04-05-2019 03:32 AM
Updated by:
 
Labels (1)
Contributors
Comments

The following command configures the managed device with a factory-installed certificate:
(host)[node](config) #local-factory-cert local-mac 00:16:CF:AF:3E:E1

The output of this command shows that two managed devices have a custom certificate installed.

(host)[node] # show local-cert-mac

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: