Connecting to a remote controller

  1. Create an HSC with the command hsc.
  2. Configure the IP address of the HSC manager on the remote controller with the command manager ip. The HSC manager must be reachable via the management port on the switch.
  3. Optionally, change the TCP port on which the HSC communicates with the HSC manager with the command manager port. By default, port 6640 is used. The remote controller OVSDB client listens on this default port.
  4. Enable the HSC with the command enable.
  5. Obtain the default certificate on the HSC with the command show crypto pki certificate local-cert pem. Copy the lines between ----BEGIN CERTIFICATE----- and -----END CERTIFICATE-------. You need to provide this certificate when configuring the remote controller.


switch(config)# hsc
switch(config-hsc)# enable
Trust Anchor (TA) profile configurations are not used for HSC
authentication. Instead HSC will store the CA certificate from the
HSC controller during the first TLS handshake and use it for all
future authentications with HSC servers. This CA certificate will
not be used for any other certificate-based authentication. Do you
want to continue (y/n)? y
switch(config-hsc)# exit
switch(config)# exit
switch# show crypto pki certificate local-cert pem
  Certificate name: local-cert
  Associated Applications:
     captive-portal, hsc, https-server, syslog-client
  Certificate status: installed
  Certificate type: self-signed
    -----END CERTIFICATE------