Configuring a secure connection to the HPE VAN SDN controller

Switches running OpenFlow can securely connect to the HPE VAN SDN controller.

To accomplish the secure connection, follow these procedures:

  1. On the switch running OpenFlow, create a TA (Trusted Anchor) profile:
    crypto pki ta-profile VanProfile [TA-PROFILE-NAME]
  2. Copy the root certificate to the switch:
    copy tftp ta-certificate [TA-PROFILE-NAME] [IP-ADDRESS of the server] [FILE-NAME]
  3. Create an identity profile on the switch:
    crypto pki identity-profile [PROFILE-NAME-STR] subject common-name [CN-VALUE]
  4. Make a certificate signing request:
    crypto pki create-csr certificate-name [CERT-NAME] ta-profile [TA-PROFILE-NAME] usage [openflow]

    The CSR generated in this step must be signed by the same root certificate that was installed on the switch in step 2.

  5. Install the leaf certificate:
    crypto pki install-signed-certificate
  6. Paste the contents of the signed certificate in PEM format into the switch console.

    As an alternative to steps 5 and 6, a PEM-formatted certificate can be installed by downloading it via TFTP with the command:

    copy tftp local-certificate [TFTP Server IPv4/IPv6 address] [Name of the file containing certificate in PEM format]
  7. Configure OpenFlow to connect to the VAN SDN controller:
    controller-id 3 ip port 6634 controller-interface vlan 1
    instance "van"
    member vlan 100
    controller-id 3 secure
    version 1.3
    limit hardware-rate 10000000
    limit software-rate 10000
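
The note under step 4 requires the CSR to be signed under the same root that was copied into the TA profile in step 2. The following added example (not part of the HPE documentation) is a workstation-side check, run with OpenSSL before step 5, that a signed certificate chains to that root and carries the CSR's public key; all file and subject names are constructed, and OpenSSL stands in for both the switch's CSR generation and the CA.

```shell
#!/bin/sh
# Added example: check a signed switch certificate before installing it.
# All file names and subject names below are constructed for the demo.

# check_leaf ROOT_PEM CSR_PEM LEAF_PEM
#   0 = leaf chains to ROOT and carries the CSR's public key
#   1 = leaf was not issued under ROOT   2 = leaf key differs from the CSR
check_leaf() {
    openssl verify -CAfile "$1" "$3" >/dev/null 2>&1 || return 1
    csr_key=$(openssl req -in "$2" -noout -pubkey) || return 2
    leaf_key=$(openssl x509 -in "$3" -noout -pubkey) || return 2
    [ "$csr_key" = "$leaf_key" ] || return 2
    return 0
}

# new_root DIR NAME: constructed self-signed root (NAME.pem / NAME.key)
new_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# new_csr DIR NAME: stands in for the CSR the switch produces in step 4
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# sign_csr DIR ROOT CSR OUT: issue OUT.pem for CSR.csr under ROOT
sign_csr() {
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 2 -out "$1/$4.pem" 2>/dev/null
}

# make_demo DIR: one good leaf and two that must be rejected
make_demo() {
    new_root "$1" ta-root && new_root "$1" other-root &&
    new_csr "$1" switch && new_csr "$1" stray &&
    sign_csr "$1" ta-root switch good &&        # right root, right key
    sign_csr "$1" other-root switch wrongca &&  # CSR signed by another root
    sign_csr "$1" ta-root stray wrongkey        # right root, different key
}

demo=$(mktemp -d) && make_demo "$demo" || exit 1
for leaf in good wrongca wrongkey; do
    rc=0
    check_leaf "$demo/ta-root.pem" "$demo/switch.csr" "$demo/$leaf.pem" || rc=$?
    echo "$leaf: check_leaf returned $rc"
done
rm -rf "$demo"
```

In real use, only `check_leaf` is needed: pass it the root file from step 2, the CSR text saved from step 4, and the signed certificate returned by the CA.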