Frequent Contributor II
Posts: 122
Registered: ‎01-19-2013

Cluster enforcement profiles

Is there a good way to manage different RADIUS return attributes to a controller that will be pointed at 2 ClearPass servers? If CPPM01 processes the request, I want to return the logon role that will redirect to CPPM01/guest, and if CPPM02 does the request, then return the logon role for CPPM02/guest. I know I can do this with multiple enforcement rules, but I was trying to reduce the rule count.
Thanks
Guru Elite
Posts: 8,648
Registered: ‎09-08-2010

Re: Cluster enforcement profiles

Are the network devices (controllers / switches) all pointed to a specific CP server? You can add attributes to each NAD in the Network Device configuration which you can then use in your enforcement.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 8
Registered: ‎02-02-2014

Re: Cluster enforcement profiles

Yes, the one Aruba controller is pointed at two CPPM servers. If one goes down, I still want to be able to process web-auth requests. Just trying to do it with just a few rules.
Guru Elite
Posts: 8,648
Registered: ‎09-08-2010

Re: Cluster enforcement profiles

Both servers can authenticate existing guest users. If the publisher goes down, you would need to promote the subscriber to publisher in order to create NEW guest accounts. The best solution here is to use a virtual IP along with the auto promote publisher feature.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480