Security

Reply
Contributor I
Posts: 49
Registered: ‎07-18-2014

Virtual IP

 

Hi,

 

 We have an scenario with 3 ClearPass Servers, can we use the VIP for all the servers? or it is just for a pair of servers scenario?

 

Regards,

Ivan Vera

Regular Contributor II
Posts: 214
Registered: ‎07-26-2011

Re: Virtual IP

You can configure two nodes in a cluster to share a Virtual IP address. The Virtual IP address is bound to the primary node by default. The secondary node takes over when the primary node is unavailable.

ACMA, ACMP
Contributor I
Posts: 49
Registered: ‎07-18-2014

Re: Virtual IP

Hi, 

 

 What if I want to configure a Captive Portal and I have 3 servers. On the IAP you can set just 2 servers, what happend if both are down, how is the IAP know the IP address of the 3rd server?

Regular Contributor II
Posts: 214
Registered: ‎07-26-2011

Re: Virtual IP

[ Edited ]

I believe the max you can have is 2 auth servers per SSID and 1x Captive Portal per SSID profile on the IAP. You can however have more than 1 Captive Portal returned via an User Role from the CPPM. The way I know how to do it would be to configure 3x User Roles each with a different Captive Portal in them on the IAP.

 

For example
CPPM1 = UserRole1

CPPM2 = UserRole2

CPPM3 = UserRole3

 

You'd need a MAC auth service to accept the initial request and generate a RADIUS request to the CPPM. Depending which CPPM repsonds to the MAC auth, it can return the value of 1 of the 3 User Roles. The from here you have your Captive Portal specified in each User Role.


Hope this makes sense :)

ACMA, ACMP
Search Airheads
Showing results for 
Search instead for 
Did you mean: