Connecting to a remote controller
Procedure
- Create an HSC with the command hsc.
- Configure the IP address of the HSC manager on the remote controller with the command manager ip. The HSC manager must be reachable via the management port on the switch.
- Optionally, change the TCP port on which the HSC communicates with the HSC manager with the command manager port. By default, port 6640 is used. The remote controller OVSDB client listens on this default port.
- Enable the HSC with the command enable.
- Obtain the default certificate on the HSC with the command show crypto pki certificate local-cert pem. Copy the lines between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. You need to provide this certificate when configuring the remote controller.
Example
switch(config)# hsc
switch(config-hsc)# enable
Trust Anchor (TA) profile configurations are not used for HSC authentication.
Instead HSC will store the CA certificate from the HSC controller during the
first TLS handshake and use it for all future authentications with HSC servers.
This CA certificate will not be used for any other certificate-based authentication.
Do you want to continue (y/n)? y
switch(config-hsc)# exit
switch(config)# exit
switch# show crypto pki certificate local-cert pem
Certificate name: local-cert
Associated Applications: captive-portal, hsc, https-server, syslog-client
Certificate status: installed
Certificate type: self-signed
-----BEGIN CERTIFICATE-----
MIDITCDskKkeLkDKfjlsafkdjLdfkejwlisfuslekfjsdkfjelfrjsekfslkefjselfkjslde8383
...
3md0k4o9vjksdoijeknkviocvhsksdoeo399((jifiIIIHFKwlIelId8rekILF:IofJe,kei(gfo9
-----END CERTIFICATE-----
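Because the switch certificate is self-signed and is copied by hand to the remote controller, it is worth checking that the copy is intact. The following is an added example, not part of the original procedure or any vendor tooling: it extracts the PEM block from pasted CLI output, rejects malformed markers or non-base64 content, and compares SHA-256 fingerprints of the switch output and the controller's copy. The function names and the sample output (placeholder bytes, not a real certificate) are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

# Standard PEM framing: exactly five dashes on each side of the label.
PEM_BLOCK = re.compile(
    r"^-----BEGIN CERTIFICATE-----\s*$(.*?)^-----END CERTIFICATE-----\s*$",
    re.DOTALL | re.MULTILINE,
)

def extract_pem_der(text: str) -> bytes:
    """Return the decoded bytes of the single PEM block in pasted text."""
    blocks = PEM_BLOCK.findall(text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one PEM block, found {len(blocks)}")
    # validate=True rejects non-base64 characters and bad padding, which
    # catches truncated or hand-edited copies.
    return base64.b64decode("".join(blocks[0].split()), validate=True)

def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of the decoded certificate bytes."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def same_certificate(switch_output: str, controller_copy: str) -> bool:
    """True if both texts carry byte-identical certificate content."""
    a = sha256_fingerprint(extract_pem_der(switch_output))
    b = sha256_fingerprint(extract_pem_der(controller_copy))
    return a == b

# Constructed sample: placeholder bytes, not a real certificate.
DEMO_DER = b"constructed placeholder bytes standing in for a DER certificate"
DEMO_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(DEMO_DER).decode()
    + "-----END CERTIFICATE-----\n"
)
SAMPLE_OUTPUT = (
    "Certificate name: local-cert\n"
    "Certificate status: installed\n"
    "Certificate type: self-signed\n" + DEMO_PEM
)

if __name__ == "__main__":
    print(sha256_fingerprint(extract_pem_der(SAMPLE_OUTPUT)))
    # The controller copy may have different line endings; content must match.
    print(same_certificate(SAMPLE_OUTPUT, DEMO_PEM.replace("\n", "\r\n")))
```

A marker with the wrong number of dashes, or a body containing characters outside the base64 alphabet, raises ValueError instead of producing a fingerprint.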