This section describes how to change security parameters for the control plane and the data plane in the Cisco SD-WAN overlay network.

- Configure Control Plane Security Parameters
- Configure Data Plane Security Parameters

Configure Control Plane Security Parameters

By default, the control plane uses DTLS as the protocol that provides privacy on all its tunnels. You can change the control plane security protocol to TLS, which runs over TCP. The primary reason to use TLS is that, if you consider the vSmart controller to be a server, firewalls protect TCP servers better than UDP servers.

You configure the control plane tunnel protocol on a vSmart controller:

    vSmart(config)# security control protocol tls

With this change, all control plane tunnels between the vSmart controller and the routers and between the controller and vManage use TLS. Control plane tunnels to vBond orchestrators always use DTLS, because these connections must be handled by UDP.

In a domain with multiple vSmart controllers, when you configure TLS on one of the vSmart controllers, all control plane tunnels from that controller to the other controllers use TLS. Said another way, TLS always takes precedence over DTLS. From the perspective of the other vSmart controllers, if you have not configured TLS on them, they use TLS on the control plane tunnel only to that one vSmart controller, and they use DTLS tunnels to all the other vSmart controllers and to all their connected routers. To have all vSmart controllers use TLS, configure it on all of them.

By default, the vSmart controller listens on port 23456 for TLS requests. To change this:

    vSmart(config)# security control tls-port number

The port can be a number from 1025 through 65535.

To display control plane security information, use the show control connections command on the vSmart controller. The output is organized under the following column headers:

    PEER  PEER      PEER       SITE  DOMAIN  PEER        PRIVATE  PEER       PUBLIC
    TYPE  PROTOCOL  SYSTEM IP  ID    ID      PRIVATE IP  PORT     PUBLIC IP  PORT    REMOTE COLOR  STATE  UPTIME
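One way to check that the protocol change took effect is to audit the show control connections output, as in this added example (not Cisco code and not part of the original page). It assumes one peer per line with the twelve columns listed above, a single-token remote color, and peer type values vedge, vsmart, vmanage and vbond; the sample rows are constructed.

```python
# Added example (not Cisco code): audit `show control connections` output from a
# vSmart controller on which `security control protocol tls` is configured.
PEER_TYPES = {"vedge", "vsmart", "vmanage", "vbond"}

# Constructed sample output; addresses are documentation ranges, not real devices.
SAMPLE = """\
PEER     PEER      PEER        SITE  DOMAIN  PEER           PRIVATE  PEER           PUBLIC
TYPE     PROTOCOL  SYSTEM IP   ID    ID      PRIVATE IP     PORT     PUBLIC IP      PORT    REMOTE COLOR  STATE  UPTIME
vedge    tls       192.0.2.11  100   1       198.51.100.11  41234    198.51.100.11  41234   default       up     0:04:20:31
vedge    dtls      192.0.2.12  200   1       198.51.100.12  12346    198.51.100.12  12346   lte           up     0:04:19:02
vsmart   tls       192.0.2.20  300   1       198.51.100.20  23456    198.51.100.20  23456   default       up     0:04:20:10
vmanage  tls       192.0.2.30  300   0       198.51.100.30  45122    198.51.100.30  45122   default       up     0:04:18:47
vbond    dtls      0.0.0.0     0     0       203.0.113.14   12346    203.0.113.14   12346   default       up     0:04:21:05
"""

def expected_protocol(peer_type):
    """vBond tunnels always use DTLS; every other peer of a TLS controller uses TLS."""
    return "dtls" if peer_type == "vbond" else "tls"

def parse_connections(text):
    """Return one dict per peer row, skipping header lines and anything malformed."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 12 or fields[0].lower() not in PEER_TYPES:
            continue
        rows.append({"type": fields[0].lower(), "protocol": fields[1].lower(),
                     "system_ip": fields[2], "state": fields[10]})
    return rows

def audit(text):
    """List (type, system_ip, seen, expected) for peers on the wrong protocol."""
    findings = []
    for row in parse_connections(text):
        want = expected_protocol(row["type"])
        if row["protocol"] != want:
            findings.append((row["type"], row["system_ip"], row["protocol"], want))
    return findings

if __name__ == "__main__":
    for peer_type, system_ip, seen, want in audit(SAMPLE):
        print(f"{peer_type} {system_ip}: tunnel uses {seen}, expected {want}")
```

Run it against output captured from each vSmart controller in the domain: a controller that still lists DTLS tunnels to routers or to other controllers has not had TLS configured on it.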