02-12-2015 06:26 AM
Greetings - we ideally need to split our ClearPass servers between two Data Centres, for resilience/DR. Layer-2 comms between the two is not readily available. Can I still create a Cluster from the ClearPass servers, if they're in different subnets? All the examples I've seen have them in the same subnet... Is there a minimum bandwidth (max latency?) required between publisher and subscriber(s)?
If they can be split across subnets, I presume remote controllers would need to target the two ClearPass servers separately (no VIP). Are there any limits on ArubaOS version needed to achieve this?
02-12-2015 06:30 AM
To use the HA URL for guest without any third party load balancers, they need to be L2 adjacent for the VIP to work.
Check out these TechNotes:
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
02-12-2015 06:55 AM
Thanks Tim - it appears that the 'same-subnet' requirement is limited to Guest authentications, using a web-page (and VIP) then? If we're doing RADIUS authentications only we could use different subnets for the servers and use AOS 6.4 authentication server load-balancing (?) from the controllers across the two different server IPs?
02-12-2015 07:51 AM
I just want to add to Tim's comments.
Depending on the scale of the deployment you MAY want to consider an SLB; there is also another TechNote of mine describing in a lot of detail a CPPM + F5 deployment/configuration.
In addition, if you want to use the feature to dedicate a SUB to be a standby-PUB, this now works over a Layer-3 hop (it used to be enforced as an L2 solution only)... Another TechNote worth a read is my Clustering TechNote.
Snr Tech Marketing Engineer - ClearPass