Connecting to a remote controller
Procedure
-
Create an HSC with the command
hsc. -
Configure the IP address of the HSC manager on the remote controller with the command
manager ip. The HSC manager must be reachable via the management port on the switch. - Optionally, change the TCP port on which the HSC communicates with the HSC manager with the command manager port. By default, port 6640 is used. The remote controller OVSDB client listens on this default port.
-
Enable the HSC with the command
enable. -
Obtain the default certificate on the HSC with the command
show crypto pki certificate local-cert pem. Copy the lines between ----BEGIN CERTIFICATE----- and -----END CERTIFICATE-------. You need to provide this certificate when configuring the remote controller.
Example
switch(config)# hsc
switch(config-hsc)# enable
Trust Anchor (TA) profile configurations are not used for HSC
authentication. Instead HSC will store the CA certificate from the
HSC controller during the first TLS handshake and use it for all
future authentications with HSC servers. This CA certificate will
not be used for any other certificate-based authentication. Do you
want to continue (y/n)? y
switch(config-hsc)# exit
switch(config)# exit
switch# show crypto pki certificate local-cert pem
Certificate name: local-cert
Associated Applications:
captive-portal, hsc, https-server, syslog-client
Certificate status: installed
Certificate type: self-signed
-----BEGIN CERTIFICATE-----
MIDITCDskKkeLkDKfjlsafkdjLdfkejwlisfuslekfjsdkfjelfrjsekfslkefjselfkjslde8383
...
3md0k4o9vjksdoijeknkviocvhsksdoeo399((jifiIIIHFKwlIelId8rekILF:IofJe,kei(gfo9
-----END CERTIFICATE------