Contributor I
Posts: 44
Registered: ‎03-10-2014

Clearpass cluster with Virtual IP

Dear all experts,
I'm implementing 2 CPPMs working together with the cluster and Virtual IP (VIP) concept. The first CPPM (CPPM1) is the Publisher, the second CPPM (CPPM2) is the Subscriber. For the workload, we will have around 200 NAD devices coming to authenticate with CPPM, and CPPM will in turn authenticate with AD. However, due to the large number of NAD devices, we want to separate the NAD devices into 2 groups (100 NAD devices per group). The first NAD group will point to the VIP for which CPPM1 is primary, and the second NAD group will point to the VIP for which CPPM2 is primary. I have some questions that I want to ask you:
1. Do we need to use both the Mgmt and DATA ports on both CPPMs, or can we use only the Mgmt port on each CPPM to support the above requirement? There will be some data such as accounting, authentication status or anything else that will be replicated between the two CPPMs, so I'm not sure whether we need to separate the mgmt and data ports for this design or not.
2. On CPPM, what IP address should the NAD devices point to? The physical IP address or the virtual IP address?
3. When CPPM1 loses connectivity, will CPPM2 immediately take its place or not?
4. How often will information be replicated between both CPPMs? And supposing CPPM1 loses connection, some information such as accounting might be lost, right?

 

 

Aruba
Posts: 1,536
Registered: ‎06-12-2012

Re: Clearpass cluster with Virtual IP

http://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=15546

Thank You,
Troy

Contributor I
Posts: 44
Registered: ‎03-10-2014

Re: Clearpass cluster with Virtual IP

Thanks for your help. After I read the document, it looks like only the configuration database will be replicated between publisher and subscriber. But suppose CPPM1 loses connection, accounting information will not be updated to CPPM2, right?
