06-16-2016 06:14 AM
We recently installed a single ClearPass server into our environment mainly for basic NAC purposes. We are a Cisco shop and our network is comprised of Catalyst-level Cisco switches. We also use a Cisco IP Phone system.
Our network layout requires that an IP phone be plugged into a switchport and the employee has their PC plugged into the phone. In order to run this configuration with ClearPass, we are required to configure our switchports as multi-domain, which allows two different VLANs on the same port. This configuration has one fatal flaw.
Recently, we had an event where our backup generator lost sync with our transfer switch and our backup UPS failed as well: a perfect storm. Our VM clusters went down, including our ClearPass server. The Cisco switches came back online before our servers did. When the switchports are configured as multi-domain and cannot communicate with ClearPass to get the VLAN assignments for the two devices connected to the port, the switchport goes into shutdown mode. We had to reboot our switches after ClearPass came back up just to get our employee phones and PCs back online.
This is a huge concern going forward. I'm not as concerned about the perfect storm that we experienced with the loss of power, but what about a simple ClearPass server update that requires a restart? Is this going to give us problems as well? Does anyone have experience with this?
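The failure mode described in the post, a multi-domain port whose RADIUS server is unreachable, is what Cisco IOS handles with "inaccessible authentication bypass" (critical authentication): the switch tracks whether the RADIUS server is dead and, while it is, authorizes the port into a configured data VLAN and the voice VLAN instead of holding it unauthorized. The snippet below is an added illustration, not the poster's configuration and not taken from Aruba or Cisco documentation for this thread; the server address, shared key, VLAN numbers, dead-detection timers and interface name are placeholders to be replaced with the site's own values.

```cisco
! --- RADIUS server definition (placeholder address and key) ---
radius server CPPM-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key PLACEHOLDER-SHARED-SECRET
!
aaa group server radius CPPM
 server name CPPM-1
!
aaa new-model
aaa authentication dot1x default group CPPM
aaa authorization network default group CPPM
!
! --- When is the server considered dead? ---
! No reply within 10 s, 3 times in a row, marks it dead; it stays
! marked dead for 5 minutes before the switch tries it again.
radius-server dead-criteria time 10 tries 3
radius-server deadtime 5
!
! --- Access port: phone (voice domain) + PC behind it (data domain) ---
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 authentication host-mode multi-domain
 authentication port-control auto
 ! While the server is dead: put the data device in VLAN 10 (the
 ! "critical" data VLAN, a placeholder) and allow the phone into the
 ! voice VLAN, rather than leaving the port unauthorized.
 authentication event server dead action authorize vlan 10
 authentication event server dead action authorize voice
 ! When the server is reachable again, re-run authentication so the
 ! devices end up in the VLANs ClearPass actually assigns.
 authentication event server alive action reinitialize
 mab
 dot1x pae authenticator
```

Two points a practitioner would check when applying this. First, the critical VLAN is whatever the port falls into with no authentication at all, so it should be chosen deliberately (a VLAN with the access those devices genuinely need, not an open or management VLAN). Second, the dead-criteria and deadtime values determine how long ports stay stuck during an outage before the bypass kicks in; `show aaa servers` shows the server's current state, and `show authentication sessions interface GigabitEthernet1/0/1` shows whether a session was authorized normally or via the critical-auth path, which is also the thing to watch for in logs when the server is restarted for an update.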