Disabling an ssl client – Brocade Multi-Service IronWare Software Defined Networking (SDN) Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare SDN Configuration Guide

53-1003034-02

Configuring OpenFlow

The ip-address keyword specifies the IP address of the Controller. By default, the connection with
the Controller uses SSL encryption, but you can optionally disable SSL encryption using the no-ssl
keyword. By default, the OpenFlow connection uses TCP port 6633, but you can specify another
port using the port keyword.

Use the [no] version of the command to remove the specified OpenFlow Controller connection.

To connect to a controller in the passive mode, enter the following command:

Brocade(config)# openflow controller passive no-ssl

Syntax: [no] openflow controller passive no-ssl [ip-address ip-address] [port port]

The passive keyword specifies that the device is in the passive mode. You can optionally specify the
TCP port to be used for the connection. By default, the device accepts the connection from a
controller with any IP address. However, you can provide an IP address to limit which controller can
connect to the device.

Use the [no] version of the command to remove a passive connection. Passive mode connections
are intended for testing environments and are not recommended for production environments.

Setting up SSL encryption for controller connections

By default, a connection to the controller uses SSL encryption. To set up an SSL connection, copy the
SSL certificate and SSL client private key from the remote machine where you generated them into
the device's flash using the following commands:

copy tftp flash client-certificate

copy tftp flash client-private-key

Syntax: copy tftp flash remote ip|remote file client-certificate

and

Syntax: copy tftp flash remote ip|remote file client-private-key

The remote ip parameter specifies the IP address of the remote machine from which the SSL client
certificate is being copied.

The remote file parameter specifies the filename of the client certificate in the first command, and
the client private key in the second command.

For each controller, you must enter both commands. The device can store up to three SSL
certificates and client private keys. If you remove a controller connection, you will need to delete
the SSL certificates and client private keys from the device's flash memory using the monitor mode
commands.

Disabling an SSL client

You can disable the SSL client within the device using the following command:

Brocade# ip ssl client disable

Syntax: [no] ip ssl client disable

After you disable an SSL client in the device, the corresponding controller connection that used SSL
encryption will fail. However, you can re-enable the controller connection by removing the SSL
encryption option from the controller connection. Use the [no-ssl] option in the openflow controller
ip-address ip-address [no-ssl] [port port] command to disable SSL encryption in the connection.
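
The following is an added example, not part of the Brocade guide: a Python audit that reads saved configuration lines written in the command syntax shown on this page and flags controller connections without SSL, passive listeners, and SSL connections that will fail once the SSL client is disabled. The function names, severity labels and sample configuration are assumptions made for the example.

```python
# Constructed sample configuration; addresses are documentation-range placeholders.
SAMPLE_CONFIG = """\
openflow controller ip-address 192.0.2.10
openflow controller ip-address 192.0.2.11 no-ssl port 6653
openflow controller passive no-ssl
openflow controller passive no-ssl ip-address 192.0.2.12 port 6633
ip ssl client disable
"""

def parse_controller(line):
    """Parse one 'openflow controller' line into a dict; None for other lines."""
    tokens = line.split()
    if tokens[:2] != ["openflow", "controller"]:
        return None
    # Defaults stated in the guide: SSL on, TCP port 6633.
    entry = {"passive": False, "ssl": True, "ip": None, "port": 6633,
             "line": " ".join(tokens)}
    rest = iter(tokens[2:])
    for tok in rest:
        if tok == "passive":
            entry["passive"] = True
        elif tok == "no-ssl":
            entry["ssl"] = False
        elif tok == "ip-address":
            entry["ip"] = next(rest, None)
        elif tok == "port":
            entry["port"] = int(next(rest, "6633"))
    return entry

def audit(config_text):
    """Return (severity, message) findings; severity labels are this example's own."""
    lines = [l.strip() for l in config_text.splitlines()]
    ssl_client_disabled = "ip ssl client disable" in lines
    findings = []
    for e in filter(None, map(parse_controller, lines)):
        if e["passive"]:
            findings.append(("warn", "passive mode is meant for testing: " + e["line"]))
            if e["ip"] is None:
                findings.append(("high", "accepts a controller from any IP: " + e["line"]))
        if not e["ssl"]:
            findings.append(("high", "controller channel without SSL: " + e["line"]))
        elif ssl_client_disabled:
            findings.append(("high", "SSL client disabled, connection will fail: " + e["line"]))
    return findings

if __name__ == "__main__":
    for severity, message in audit(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```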