Chapter 3Connecting the Switch to the Network3 - 10Installing a Redundant Peer or Cluster PeerIf you are installing the second switch in a redundant pair (called an ARXcluster) or if you are configuring a second ARX cluster in a DisasterRecovery (DR) configuration, you need to provide additional information tothe initial-boot script because all members of the cluster share a commonmaster key.NoteA master key is an encryption key for all critical security parameters(CSPs), such as administrative passwords.Redundant switches must use the same master key because they share thesame users, groups, and passwords. In the case of of a DR configuration, allfour ARX devices must be configured with a common master key.At the peer that is currently installed, enter the show master-key commandto create an encrypted copy of the master key.The CLI prompts you for the following passwords:• System password. The system password is entered at initial-boot timeand validates that you have permission to access the master key. SeeBooting a Non-Replacement Switch, on page 3-4.The system password is 12 – 32 characters long.• Wrapping password. The wrapping password is set with theshow master-key command. The security software uses the wrappingpassword to encrypt (and later decrypt) the master key string.Enter 12 – 32 characters. At least one character in this password must bea number (0-9) or a symbol (!, @, #, $, and so on).ImportantSave this password; you will need it later to decrypt the master key on thereplacement switch.The show master-key command outputs a base64-encoded string that is theencrypted master key. Save this string and the wrapping password that youset in the command.The following example shows the master key on a switch named prtlndB.prtlndB# show master‐keyMaster Key System Password: %uper$ecretpwWrapping Password: an0ther$ecretpwValidate Wrapping Password: an0ther$ecretpwEncrypted master key:2oftVCwAAAAgAAAApwazSRFd2ww/H1pi7R7JMDZ9SoIg4WGA/XsZP+HcXjsIAAAADDRbMCxE/bc=prtlndB# ...