04-25-2016 08:28 PM
I have one clearpass server which is currently only running Guest network access services via captive poral. I am now adding one more clearpass server and also planning to configure TACACS and RADIUS services on top of onging guest network access. I am looking for High Availability between these 2 Clearpass servers and having some queries.
ClearPass Server - 1 : It is having 1 Private IP on LAN and 1 Public IP via DNZ on Internet
ClearPass Server - 2 : It is having 1 Private IP on LAN and 1 Public IP via DNZ on Internet
Both these servers are using latest version of clearpass which is 6.6
They are on different data center and are not in same VLAN/Subnets so I guess we have to rule out possiblity of the Virtual IP. So I think we only have option of Publisher/Subscriber configuration.
Guest access is currently working via internet using URL. Basically if visitor connect to my Guest SSID, he/she will be redirected to URL(Register on Public DNS) over internet and allow visitor to complete self registration.
1. I can configure 2 RADIUS/TACACS(Primary and Backup) server on end device or my corporate SSID so RADIUS/TACACS services will be taken care via my LAN IP/PrivateIP or will there be any challanges?
2. How to achieve the failover for my Guest network access and self registration which is happening via URL which is registered on public DNS? Will publisher/Subscriber will take care of IP changes as well? What is best solution to achieve seamless failover to backup server for all these services which I am planning to configure?
3. Any documentation which I can refer to configure the High Availability?
Solved! Go to Solution.
04-28-2016 01:01 AM
I would advise you to check out the CPPM TechNote - Clustering Design Guidelines V1, which is available at:
That document will likely answer most of your questions and help you designing a high-available and resilient ClearPass infrastructure.
As you seem to have configured two interfaces on ClearPass (LAN+DMZ), I would advise you to read the CPPM Service Routing TechNote - V3 (available at the same location) to setup that good as well.
If you have additional questions, let us know.
If you have urgent issues, please contact your Aruba partner or Aruba TAC.