The following procedure describes configuring OpenFlow.
Step | Tasks | Command(s) |
---|---|---|
1 | Enable OpenFlow on the switch. A system reset is required for this command to take effect. | set openflow enable |
2 | Configure a trusted controller CA certificate. Any controller attempting to connect to this switch must use a certificate that was issued by this CA certificate. |
set pki certificate cacert no-confirm
-----BEGIN CERTIFICATE-----
MIIDiDCCAnACAQEwDQYJKoZIhvcNAQEFBQAwgYkxCzAJBgNVBAYTAlVTMQswCQYD
VQQIEwJDQTEVMBMGA1UEChMMT3BlbiB2U3dpdGNoMRUwEwYDVQQLEwxjb250cm9s
...
kL9Xzted6QScKWtaNG9RKX2LnUG73gUcKwD26TOrn2jZucidpbgPc7uZcs4=
-----END CERTIFICATE-----
|
3 | Configure the switch's certificate. This is the switch's public certificate, which is presented to the controller during TLS authentication. |
set pki certificate sc-cert no-confirm
-----BEGIN CERTIFICATE-----
MIIDfjCCAmYCAQIwDQYJKoZIhvcNAQEFBQAwgYExCzAJBgNVBAYTAlVTMQswCQYD
VQQIEwJDQTEVMBMGA1UEChMMT3BlbiB2U3dpdGNoMREwDwYDVQQLEwhzd2l0Y2hj
...
HHZu0NxDKdr6chrKUDqPNSOUeZjqq582AGkf1V1QWDogcijVJ20fKYknMu0pxkf4
66Dv/IVBwG6VR7PgVtXX8w8ufG6KcLsZyU9x5ud9LOg13DfjqQjvZz1TvsHuLtTx
vW8z85BXEUAa5FOMVnPBuFQa2vILUWz6fIq/eOszNDbLtg==
-----END CERTIFICATE-----
|
4 | Configure the switch's private key. This key corresponds to the switch's public certificate and must remain secret. |
set tls privkey
Enter the PEM encoded key
End with the word "quit" on a line by itself
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,01D0CCCB6E8B2276
qA80e7OEEjOQSE93vCKQLkr9IOxZ4Y3BisydSCNBGL/LVMQ8rkBbY3DFZRXQ1NgU
67cmPNzoLBRDofpVmw72U42hsNsQggw8FpNAqlDLBxG4zLuaI1TiW/IWhdSEtwAjD
...
wzZ9tV1LUINx3a1u5EhiKpfWbsZmhZwNfZS9uJE9WIr9J1G4E9jJhY49V9QzRxuO
5tHGwGiFboGcRl8Z2Qi48c7BV+AafSHWIV6ZzJ4r9+ICfnlQurfE8F3hgg2WT/GC
-----END RSA PRIVATE KEY-----
quit
Please enter PEM passphrase:
|
5 | Tell TLS to use the certificates configured in steps 1 and 2. |
set tls certificate sc-cert
set tls ca-cert cacert |
6 | Configure an active TLS connection to the controller at address 10.10.10.10. | set openflow controller active 10.10.10.10 tls |
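
The PEM blocks pasted in steps 2 through 4 can be checked before they reach the switch CLI. The Python sketch below is an added example, not part of the vendor procedure: it checks the BEGIN/END armor, reads the `DEK-Info` header of an encrypted key, validates the base64 body, and reports a SHA-1 signature OID in a certificate. The function name `lint_pem`, the finding strings and both sample blocks are assumptions made for illustration, and the sample bodies are constructed filler rather than real key material.

```python
import base64
import re

# Constructed sample shaped like the step 4 key; the body is filler, not a real key.
SAMPLE_KEY = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=
-----END RSA PRIVATE KEY-----
"""
# Constructed sample whose BEGIN line is one dash short (a copy/paste slip).
SAMPLE_BAD_CERT = """-----BEGIN CERTIFICATE----
QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=
-----END CERTIFICATE-----
"""

BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")
LEGACY_CIPHERS = {"DES-CBC", "DES-EDE3-CBC"}  # DEK-Info ciphers to report
# DER bytes of the sha1WithRSAEncryption OID (1.2.840.113549.1.1.5); byte search, not ASN.1 parsing
SHA1_RSA_OID = bytes.fromhex("06092a864886f70d010105")

def lint_pem(text):
    """Return findings for one PEM block; an empty list means nothing was flagged."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 2:
        return ["not a PEM block"]
    findings = []
    begin, end = BOUNDARY.match(lines[0]), BOUNDARY.match(lines[-1])
    if not begin or begin.group(1) != "BEGIN":
        findings.append("malformed BEGIN line: " + lines[0])
    if not end or end.group(1) != "END":
        findings.append("malformed END line: " + lines[-1])
    if begin and end and begin.group(2) != end.group(2):
        findings.append("BEGIN/END labels differ")
    body = []
    for ln in lines[1:-1]:
        name, sep, value = ln.partition(":")
        if not sep:
            body.append(ln)  # base64 never contains ':', so this is body text
        elif name == "DEK-Info" and value.split(",")[0].strip() in LEGACY_CIPHERS:
            findings.append("legacy key cipher: " + value.split(",")[0].strip())
    try:
        der = base64.b64decode("".join(body), validate=True)
    except ValueError:
        return findings + ["body is not valid base64"]
    if begin and begin.group(2) == "CERTIFICATE" and SHA1_RSA_OID in der:
        findings.append("SHA-1 signature OID present")
    return findings
```

The lint only inspects structure; it does not confirm that the switch certificate chains to the CA or that the private key matches the certificate.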