Security

Reply
Frequent Contributor I
Posts: 72
Registered: ‎05-16-2012

ClearPass virtual ip for RADIUS

Dear Airheads experts,

 

I have some questions regarding ClearPass vip address.

 

Can I use on the NAD side (for example aruba controller) only the ClearPass VIP address as a RADIUS server if I have two ClearPass in a cluster?

eg.: server group - ClearPass VIP address

If I do it this way which ClearPass will serve the RADIUS requests If both ClearPass is up? The publisher? or is it load balanced?

And what about if the publisher goes down?

 

I have to move the ClearPass from one platform to another (ESX-Hyperv) and than I have to add a second node to it. I think If we don't have a big downtime we can do it the following way:

1. Clean install on the hyper-v

2. add a different ip to the clearpass than the active esx node

2. restore the configuration without the ip ( uncheck "Restore cluster server/node entries from backup")

3. add a subscriber node with different ip

4. add vip address (previous clearpass ip on esx)

 

My second idea is to move the clearpass what is on the esx with its ip and just add a subscriber node to it. Then add the subscriber ip on the NAD devices to the server group as a failover RADIUS or check LB if it is necessary.

 

Could you help me what is the best practise in this case?

 

Thank you in advance for your help!

Zs

 

 

Moderator
Posts: 495
Registered: ‎11-09-2012

Re: ClearPass virtual ip for RADIUS

Can I suggest that you read my ClearPass Clustering TechNote. Then come back with any outstanding Q's you have.

 

In respect of moving from ESXi -> Hyper-V, yes you can cluster CPPM across dissimilar platforms. Yes, you can move a node, cluster them and add a VIP across them and have the NAD's talk to the VIP for availability/failover.


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Frequent Contributor I
Posts: 72
Registered: ‎05-16-2012

Re: ClearPass virtual ip for RADIUS

Hi Danny,

 

Thank you for your prompt reply I went trought it and i get my answers.

 

Zs

Search Airheads
Showing results for 
Search instead for 
Did you mean: