Configuring Key-Exchange – Comtech EF Data FX Series Administrator Guide User Manual

Comtech EF Data / Stampede

FX Series Administration Guide - Version 6.1.1

Chapter: FX Series Network Settings
Section: Redundancy

MN-FXSERIESADM6 Rev 5

Automatically Synchronize Configuration Changes:
This field must be enabled for configuration synchronization. Any time a configuration change is applied
using the browser administration interface, the change is immediately synchronized with the Secondary
Appliance and/or members of the “Member Appliance Pool”. The ‘Configuring Key-Exchange’ procedure
below must be performed.

Member Appliance Pool:
If “Automatically Synchronize Configuration Changes” is enabled, then this field defines the list of
host names or IP addresses, separated by commas, of the appliances that will share the same
configuration files as the primary appliance. The devices defined in the “Member Appliance Pool”
share their configurations and require a valid SSH key to be exchanged with the “primary” appliance.

(See section titled “Configuring Key-Exchange” below).

Save Button:
Clicking on ‘Save’ will commit the fields on this form to disk. If this is the initial configuration of
high-availability, the appliance must be rebooted after the ‘Save’ completes.

4.8.2 Configuring Key-Exchange

In order for the FXs to securely communicate with each other in an automated fashion, it is necessary to
use the “FX-Series Appliance Manager” via SSH to configure common cluster authentication keys.

To configure the key exchange between the primary and secondary, log into the FX with “ssh” to access
the "FX-Series Appliance Manager" and perform the following sequence on the primary FX:

1. Choose “1 Configure Appliance”
2. Then choose “2 Configure Passwords”
3. Then choose “2 Configure Redundancy Cluster Key”
4. Enter the IP Address or host name of the peer appliance
5. At the prompt “Are you sure you want to continue connecting (yes/no)”, enter ‘yes’
6. At the password prompt, enter “comtech”

Repeat this for the secondary and/or each entry in the Member Appliance Pool.


NOTE: For 1:1 Redundancy with failover configurations, the primary appliance and secondary appliance
entries must be associated with the auxiliary port. A ‘short’ host name is required. These may be
specified via the DNS server or by configuring the local host table. (See Configuration->Host Settings)

ARP Considerations:

When the FX performs the IP takeover, it will send out a gratuitous ARP so that other routers are notified
of the takeover.
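
A monitoring check for the takeover announcement described above, as an added example that is not part of the Comtech guide: it parses an Ethernet ARP frame, recognises a gratuitous ARP (sender IP equal to target IP), and reports whether the sender MAC belongs to a known cluster member. The IP address, MAC addresses, and function names are constructed for illustration; the guide does not say whether the FX sends the announcement as an ARP request or a reply, so the opcode is not checked.

```python
import socket
import struct


def parse_arp(frame: bytes):
    """Return (sender_mac, sender_ip, target_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):     # Ethernet + IPv4 only
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)


def classify(frame: bytes, takeover_ip: str, cluster_macs: set) -> str:
    """Label a frame relative to the address the redundant pair takes over."""
    arp = parse_arp(frame)
    if arp is None:
        return "not-arp"
    mac, sender_ip, target_ip = arp
    if sender_ip != target_ip:
        return "ordinary-arp"            # normal address resolution
    if sender_ip != takeover_ip:
        return "gratuitous-other"        # gratuitous, but for a different address
    # Gratuitous ARP for the taken-over address: only cluster members should send it.
    return "expected-takeover" if mac in cluster_macs else "unexpected-claim"


def build_arp(mac: str, sender_ip: str, target_ip: str) -> bytes:
    """Construct a broadcast ARP request (sample input for this example only)."""
    m = bytes.fromhex(mac.replace(":", ""))
    eth = b"\xff" * 6 + m + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += m + socket.inet_aton(sender_ip) + b"\x00" * 6 + socket.inet_aton(target_ip)
    return eth + arp


# Constructed values (assumptions): documentation-range IP, locally administered MACs.
TAKEOVER_IP = "192.0.2.10"
CLUSTER_MACS = {"02:00:00:00:00:01", "02:00:00:00:00:02"}

if __name__ == "__main__":
    for mac in ("02:00:00:00:00:02", "02:00:00:00:00:99"):
        frame = build_arp(mac, TAKEOVER_IP, TAKEOVER_IP)
        print(mac, classify(frame, TAKEOVER_IP, CLUSTER_MACS))
```

An "unexpected-claim" result means a device outside the redundant pair announced the taken-over address, which is worth alerting on whether or not a failover was in progress.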
