Security

Reply
Super Contributor II

RFC3576 config question.

Hi,

I've got a CPPM cluster that we load balance auth requests to from our mobility controllers. Am I right in assuming that I only need to configure an entry for the master publisher Ip address on the controllers as a 3576 capable server given that any CoA commands will be coming from a gui connected to the master publisher?

 

What do other people do when you've got a load balanced group of clearpass servers and want to mplement CoA ?

Rgds

Alex

Guru Elite

Re: RFC3576 config question.

You should add all of your ClearPass servers as authorized RFC 3576 servers on the controller.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor II

Re: RFC3576 config question.

Just to complicate matters, I've got eeach cppm VM set up with 2 network interfaces, the management side is set up on 144.32.128.0/23 while the data side is set up on 144.32.126.0/23. Our load balancer load balances auth-requests over the data interfaces i.e. 144.32.126.xxx

 

Which set of interfaces do I use for the CoA? Data side?

 

A

Guru Elite

Re: RFC3576 config question.

In that case, is should be the data side.

Take a look at this doc:
https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=14011

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: