Configuring OpenFlow

The following procedure describes configuring OpenFlow.

OpenFlow Configuration

Step Tasks Command(s)
1 Enable OpenFlow on the switch. A system reset is required for this command to take effect.
set openflow enable
2 Configure a trusted controller CA certificate. Any controller that attempts to connect to this switch must present a certificate issued by this CA.
set pki certificate cacert no-confirm
-----BEGIN CERTIFICATE-----
MIIDiDCCAnACAQEwDQYJKoZIhvcNAQEFBQAwgYkxCzAJBgNVBAYTAlVTMQswCQYD
VQQIEwJDQTEVMBMGA1UEChMMT3BlbiB2U3dpdGNoMRUwEwYDVQQLEwxjb250cm9s
...
kL9Xzted6QScKWtaNG9RKX2LnUG73gUcKwD26TOrn2jZucidpbgPc7uZcs4=
-----END CERTIFICATE----- 
3 Configure the switch's certificate. This is the switch's public certificate, which is presented to the controller during TLS authentication.
set pki certificate sc-cert no-confirm
-----BEGIN CERTIFICATE-----
MIIDfjCCAmYCAQIwDQYJKoZIhvcNAQEFBQAwgYExCzAJBgNVBAYTAlVTMQswCQYD
VQQIEwJDQTEVMBMGA1UEChMMT3BlbiB2U3dpdGNoMREwDwYDVQQLEwhzd2l0Y2hj
...
HHZu0NxDKdr6chrKUDqPNSOUeZjqq582AGkf1V1QWDogcijVJ20fKYknMu0pxkf4
66Dv/IVBwG6VR7PgVtXX8w8ufG6KcLsZyU9x5ud9LOg13DfjqQjvZz1TvsHuLtTx
vW8z85BXEUAa5FOMVnPBuFQa2vILUWz6fIq/eOszNDbLtg==
-----END CERTIFICATE-----
4 Configure the switch's private key. This key corresponds to the switch's public certificate and must remain secret.
set tls privkey
Enter the PEM encoded key
End with the word "quit" on a line by itself
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,01D0CCCB6E8B2276

qA80e7OEEjOQSE93vCKQLkr9IOxZ4Y3BisydSCNBGL/LVMQ8rkBbY3DFZRXQ1NgU
67cmPNzoLBRDofpVmw72U42hsNsQggw8FpNAqlDLBxG4zLuaI1TiW/IWhdSEtwAjD
...
wzZ9tV1LUINx3a1u5EhiKpfWbsZmhZwNfZS9uJE9WIr9J1G4E9jJhY49V9QzRxuO
5tHGwGiFboGcRl8Z2Qi48c7BV+AafSHWIV6ZzJ4r9+ICfnlQurfE8F3hgg2WT/GC
-----END RSA PRIVATE KEY-----
quit
Please enter PEM passphrase:
5 Tell TLS to use the certificates configured in steps 1 and 2.
set tls certificate sc-cert

set tls ca-cert cacert
6 Configure an active TLS connection to the controller at address 10.10.10.10.
set openflow controller active 10.10.10.10 tls
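
A pre-flight check for the PEM text pasted in steps 2 to 4, given here as an added example that is not part of the original procedure or of the switch vendor's tooling. The helper name lint_pem is hypothetical; it checks the BEGIN/END framing, the base64 body, and whether a private key is passphrase-protected. The sample blocks are constructed and contain no real key material.

```python
import base64
import binascii
import re

# PEM boundary line: exactly five dashes on each side of the label.
_BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")

def lint_pem(text):
    """Return (label, encrypted, problems) for one pasted PEM block."""
    problems = []
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3:
        return None, False, ["too short to be a PEM block"]
    first, last = _BOUNDARY.match(lines[0]), _BOUNDARY.match(lines[-1])
    if not first or first.group(1) != "BEGIN":
        problems.append("malformed BEGIN line: %r" % lines[0])
    if not last or last.group(1) != "END":
        problems.append("malformed END line: %r" % lines[-1])
    if first and last and first.group(2) != last.group(2):
        problems.append("BEGIN and END labels differ")
    label = first.group(2) if first else None
    # Legacy encrypted keys carry "Name: value" headers before the body.
    body, headers = lines[1:-1], {}
    while body and ":" in body[0]:
        name, _, value = body.pop(0).partition(":")
        headers[name.strip()] = value.strip()
    encrypted = headers.get("Proc-Type", "").endswith("ENCRYPTED")
    try:
        der = base64.b64decode("".join(body), validate=True)
    except (binascii.Error, ValueError):
        der = b""
    if not der:
        problems.append("body is empty or not valid base64")
    elif not encrypted and der[0] != 0x30:
        # Certificates and cleartext keys are DER SEQUENCEs (tag 0x30).
        problems.append("decoded body is not an ASN.1 SEQUENCE")
    is_key = bool(label) and label.endswith("PRIVATE KEY")
    if is_key and not encrypted and label != "ENCRYPTED PRIVATE KEY":
        problems.append("private key is not passphrase-protected")
    return label, encrypted, problems

# Constructed samples: the body is a 5-byte DER SEQUENCE, not real key material.
BODY = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
CERT = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----" % BODY
SHORT = CERT.replace("CERTIFICATE-----\n", "CERTIFICATE----\n", 1)
ENC_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n%s\n"
           "-----END RSA PRIVATE KEY-----" % BODY)
```

This checks framing only; it does not verify that a certificate chains to the configured CA or that the private key matches the switch certificate.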