Security

Reply
Frequent Contributor I

CPPM data port and mgmt port on different Subnets, same VLAN

Because of configuration issues on our switches, I setup our CPPM boxes with 2 interfaces on different subnets, but both subnets are carried on the same VLAN.  I've read forum posts here and the tech docs and I didn't see any limitations in doing this, but it's exhibiting odd behavior.  We're seeing the IP address of the data port using 2 MAC addresses, and the IP address of the mgmt port using the same 2 MAC addresses.  Since they are on the same VLAN, it's wreaking havoc on the connecting switches' ARP and MAC tables.

 

Is there some CPPM configuration that will lock the data port to a MAC and also the mgmt port?

 

thanks

 

Mike Davis
Network Engineer
University of Delaware

Re: CPPM data port and mgmt port on different Subnets, same VLAN

I'm not surprised you're having issue to be honest as the setup you have isn't recommended. 

 

Just because it doesn't say you can't do it doesn't mean you should. :)

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
---------------------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.

Re: CPPM data port and mgmt port on different Subnets, same VLAN

Mike,

 

Some people think that having both management port and dataport is mandatory or best-practice.

 

Unless you have a specific need for it, I would go for just the management port and leave data unconfigured. Reason for that is that having two ports complicates the deployment. Please read the Technote on ClearPass Service Routing if you want to understand the feature. If you don't understand or are unsure, deploy ClearPass on a single interface.

 

To skip data port configuration during the initial setup, just press Enter on the question for the IP address of the data port. If you already configured the data port IP, remove the values in the server manager.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: