Security

Reply
Contributor I
Posts: 49
Registered: ‎07-18-2014

Virtual IP

 

Hi,

 

 We have an scenario with 3 ClearPass Servers, can we use the VIP for all the servers? or it is just for a pair of servers scenario?

 

Regards,

Ivan Vera

MVP
Posts: 432
Registered: ‎07-26-2011

Re: Virtual IP

You can configure two nodes in a cluster to share a Virtual IP address. The Virtual IP address is bound to the primary node by default. The secondary node takes over when the primary node is unavailable.

ACMA, ACMP
If my post addresses your query, give kudos:)
Contributor I
Posts: 49
Registered: ‎07-18-2014

Re: Virtual IP

Hi, 

 

 What if I want to configure a Captive Portal and I have 3 servers. On the IAP you can set just 2 servers, what happend if both are down, how is the IAP know the IP address of the 3rd server?

MVP
Posts: 432
Registered: ‎07-26-2011

Re: Virtual IP

[ Edited ]

I believe the max you can have is 2 auth servers per SSID and 1x Captive Portal per SSID profile on the IAP. You can however have more than 1 Captive Portal returned via an User Role from the CPPM. The way I know how to do it would be to configure 3x User Roles each with a different Captive Portal in them on the IAP.

 

For example
CPPM1 = UserRole1

CPPM2 = UserRole2

CPPM3 = UserRole3

 

You'd need a MAC auth service to accept the initial request and generate a RADIUS request to the CPPM. Depending which CPPM repsonds to the MAC auth, it can return the value of 1 of the 3 User Roles. The from here you have your Captive Portal specified in each User Role.


Hope this makes sense :)

ACMA, ACMP
If my post addresses your query, give kudos:)
Search Airheads
Showing results for 
Search instead for 
Did you mean: