AAA, NAC, Guest Access & BYOD

How to change the VIP ID from default in CPPM?

Aruba Employee
Requirement:

 

We might require to change VIP ID from default ID=1 as it may cause conflicts in the network with existing VRRP VRID 1.



Solution:

 

Currently the VIP ID is not editable in ClearPass.  As a workaround we can create a fake VIP configuration and disable it. After that create the real VIP configuration and keep it active. So the active one will use an ID incremented from 1.



Configuration:


Configure two VIPs as shown below (fake vs active), 

 

 

 



Verification

 

In the above configuration, a fake VIP is created with IP 192.168.1.15 for DATA Port and the real VIP for MGMT port is 10.17.164.10.

 

We can verify the ID of active VIP by collecting server logs and navigating to PolicyManagerLogs >> vip-service. Each VIP will contain it's respective vip-xxxx.cong file as shown below.

vip-3004.conf
-------------

ID=1
VIP_ADDRESS=192.168.1.15
PASSWORD=6a477654-153f-4a0b-
PRIORITY=0
WAITPERIOD=10
BIND_INTERFACE=eth1

 

cat vip-3005.conf
-----------------

ID=2
VIP_ADDRESS=10.17.164.10
PASSWORD=adfa0955-65e0-4e3f-
PRIORITY=0
WAITPERIOD=10
BIND_INTERFACE=eth0

 

Once the fake VIP is disabled, we will not see the corresponding vip conf file of it.  So the Active VIP will use the ID 2 and won't conflict with VRRP ID in the network.

 

 

 

 

 

Version history
Revision #:
2 of 2
Last update:
‎03-17-2017 08:31 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.