Security

Reply
Contributor I
Posts: 23
Registered: ‎05-28-2014

Adding new Clearpass in DR Site as a Publisher

Hi,

 

In my environment, we already have two Clearpass devices (One as a publisher and One as a subscriber). We are adding one device at DR site and perform below steps, need your recommendation on it.

 

Steps of Activities:

  1. Basic configure on new device and add as a Subscriber
  2. Promote it as a Publisher and current devices as a subscriber
  3. Make one subscriber as a designated/Standby Publisher.

 

Requirements after completion of above Activities:

  1. Subscribers are serving NAD devices
  2. If one subscriber goes down, 2nd subscriber will start serving.
  3. If both subscriber goes down, then Publisher will start serving.
  4. If designated/Standby Publisher goes down, 2nd subscriber will act as backup.

 

Kindly let me know following thing:

  1. How to promote permantely DR Device from Subscriber to Publisher
  2. How to configure 2nd Subscriber as a backup of Designated/Standby Publisher.
  3. How to make One Subscriber serving NAD devices and 2nd Subscriber as a backup for serving NAD devices and if both goes down Publisher will serve NAD Devices.

 

 

Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Adding new Clearpass in DR Site as a Publisher

What kind of authentication are you doing with clear pass?
What NADs are you using?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 23
Registered: ‎05-28-2014

Re: Adding new Clearpass in DR Site as a Publisher

Hi Colin,

 

We are doing only 802.1x authentication.

We have Cisco Swtiches and Cisco & Aruba Controllers.

 

Regards,

Atif.

Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Adding new Clearpass in DR Site as a Publisher

You have two things you are talking about:

 

- You could have one server as a primary radius server and a second server as a backup server on both the Aruba Controller and the Cisco switches to provide NAD redundancy

- If you add a third ClearPass server, that will provide survivability of the cluster, but if your NAD can only point to two radius servers, primary and secondary, a third ClearPass server will not really help you if they are not pointing to the third one.

 

The most high performance solution is to have a load balancer in front of as many ClearPass radius servers that you want, but that might not be in your plan/budget...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 23
Registered: ‎05-28-2014

Re: Adding new Clearpass in DR Site as a Publisher

Hi Colin,

 

Thanks for your reply,

 

I am planning to configure Virtual IP setting and make Designated/Standby Publisher as a primary and other Subscriber as a secondary. Virtual IP as primary server and Publisher IP as a secondary server.

 

Will this work?

 

2nd Thing, how I will change Subscriber to Publisher and one subscriber as a Designated/Standby Publisher and Other Subsriber as a backup of Designated/Standby Publisher.

 

Regards,

Atif.

Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Adding new Clearpass in DR Site as a Publisher

It should work on the face of it, but you should have someone review your design in detail to make sure there are not any unforseen circumstances.

 

You can promote any subscriber to a publisher, yes.  You can also designate a standby publisher described on the page here:  http://www.arubanetworks.com/techdocs/ClearPass/6.6/PolicyManager/index.htm#CPPM_UserGuide/Admin/ServerConfig_clusterwideparams.htm



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Moderator
Posts: 488
Registered: ‎11-09-2012

Re: Adding new Clearpass in DR Site as a Publisher

Take a look at my cluster design guide..!!

 

CPPM TechNote - Clustering Design Guidelines V1


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: