Security

Reply
Contributor I

Clearpass Publisher-Subscriber

Dear all expers,

I'm implementing clearpass with these solution:

1. Have 2 clearpass VA-25K , each VA-25 is separately running on different ESXi host like this.

 

                 ESXi(1)                                 ESXi(2)

                 CPPM-1                                CPPM-2

           IP:  1.1.1.1 (Publisher)               1.1.1.2  (Subscriber)   

 

2. I made CPPM-2 to be subscriber of CPPM-1 and at CPPM-1, i configured "TRUE" for standby Publisher and point Standby Subscriber to "CPPM-2" and configure Wait time to 5 min.

3.After that on Dashboard of both CPPMs, CPPM-1 was Publisher and CPPM-2 was Subscriber.

4. I took out LAN cable of CPPM-1, after that around 8-9 mins, CPPM-2 was changed to Publisher role.

5. I pushed CPPM-1 LAN cable back and CPPM-1 role was Publisher but it pop-up me with warning that we must reset database of CPPM-1 and re-join again.

 

If

5.1 I reset cluster database  on CPPM-1 and re-join again with Subscriber role. Then it's work fine but CPPM-2 will be Publisher and CPPM-1 will be Subscriber. However i click on CPPM-1 to "Promote to Publisher" then CPPM-1 was changed to Publisher and CPPM-2 was changed to Subscriber.

For (5.1) , it's work fine.

 

On the other hand,If

5.2 I reset cluster database on CPPM-2 and re-join with subscriber role to CPPM-1. It can't work and when i run CLI "cluster make-subscriber -i ..." on CPPM-2 , i showed me like CPPM-2 can't addSubscriber , try again... something like that.

 

So i'm not sure for the correct concept , when CPPM-1 (Publisher) is down and CPPM-2 take Publisher. How should we do when CPPM-1 come back?

 

Thanks ..

 

 

 

 

 

Moderator

Re: Clearpass Publisher-Subscriber

You basically captured the correct step in your "5.1".

 

I have a sizeable amount of data around this topic in my CPPM Clustering Technote. Take a look at this doc to see if it also provides you additional inisigt to this topic.

 

CPPM TechNote - Clustering Design Guidelines V1

 

 


Best Regards
-d

ClearPass Product Manager

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: