Configuring a secure connection to the HPE VAN SDN controller
Switches running OpenFlow can securely connect to the HPE VAN SDN controller.
To accomplish the secure connection, follow these procedures:
Procedure
1. On the switch running OpenFlow, create a TA (Trusted Anchor) profile:
   crypto pki ta-profile VanProfile [TA-PROFILE-NAME]
2. Copy the root certificate to the switch:
   copy tftp ta-certificate [TA-PROFILE-NAME] [IP-ADDRESS of the server] [FILE-NAME]
3. Create an identity profile on the switch:
   crypto pki identity-profile [PROFILE-NAME-STR] subject common-name [CN-VALUE]
4. Make a certificate signing request:
   crypto pki create-csr certificate-name [CERT-NAME] ta-profile [TA-PROFILE-NAME] usage [openflow]
   The CSR generated in this step must be signed by the same root certificate that was installed on the switch in step 2.
5. Install the leaf certificate:
   crypto pki install-signed-certificate
6. Paste the contents of the signed certificate in PEM format into the switch console.
   NOTE:
   As an alternative to steps 5 and 6, a PEM-formatted certificate can be installed by downloading it via TFTP with the command:
   copy tftp local-certificate [TFTP Server IPv4/IPv6 address] [Name of the file containing certificate in PEM format]
7. Configure OpenFlow to connect to the VAN SDN controller:
   openflow
      controller-id 3 ip 103.0.11.31 port 6634 controller interface vlan 1
      instance "van"
         member vlan 100
         controller id 3 secure
         version 1.3
         limit hardware-rate 10000000
         limit software-rate 10000
         enable
         exit
      enable
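
The following added example (not HPE code and not part of the original procedure) audits a saved text copy of the OpenFlow configuration from the last step and reports any instance whose controller reference lacks the secure keyword or points at a controller-id that is not defined. It assumes one command per line; the function name, the second instance "lab", and the acceptance of a hyphenated controller-id inside an instance are assumptions made for the illustration.

```python
import re

# Constructed sample: the page's OpenFlow stanza, one command per line, plus a
# hypothetical second instance "lab" that omits the secure keyword.
SAMPLE_CONFIG = '''\
openflow
   controller-id 3 ip 103.0.11.31 port 6634 controller interface vlan 1
   instance "van"
      member vlan 100
      controller id 3 secure
      version 1.3
      enable
      exit
   instance "lab"
      member vlan 200
      controller id 4
      enable
      exit
   enable
'''

# Assumption: an instance may spell its reference "controller id N" (as on the
# page) or "controller-id N"; both spellings are accepted here.
CONTROLLER_DEF = re.compile(r'^controller-id\s+(\d+)\s+ip\s+\S+\s+port\s+\d+')
INSTANCE_START = re.compile(r'^instance\s+"?([^"\s]+)"?')
CONTROLLER_REF = re.compile(r'^controller[- ]id\s+(\d+)(\s+secure)?\s*$')

def audit_openflow(config_text):
    """Return (instance, finding) pairs for controller links that are not secured."""
    defined, instances, current = set(), {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := INSTANCE_START.match(line):
            current = m.group(1)
            instances[current] = []
        elif line == "exit":
            current = None                      # leave the instance context
        elif m := CONTROLLER_DEF.match(line):
            defined.add(m.group(1))             # global controller definition
        elif current and (m := CONTROLLER_REF.match(line)):
            instances[current].append((m.group(1), bool(m.group(2))))
    findings = []
    for name, refs in instances.items():
        for cid, secure in refs:
            if cid not in defined:
                findings.append((name, f"controller {cid} is not defined"))
            if not secure:
                findings.append((name, f"controller {cid} referenced without 'secure'"))
    return findings
```

Calling audit_openflow(SAMPLE_CONFIG) returns two findings for the constructed "lab" instance and none for "van".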