Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

What redundancy model does ClearPass support if have multiple CPPM? What are the difference ?

This thread has been viewed 18 times

  • 1.  What redundancy model does ClearPass support if have multiple CPPM? What are the difference ?

    Posted Jun 10, 2016 10:53 AM

    Hi , we are going to buy 2 ClearPass , what redundancy mode do ClearPass support? HA , Cluster... What are the difference? Please advise. thanks in advance



  • 2.  RE: What redundancy model does ClearPass support if have multiple CPPM? What are the difference ?

    EMPLOYEE
    Posted Jun 10, 2016 11:29 AM
    ClearPass uses a cluster model. They operate in active/active.


  • 3.  RE: What redundancy model does ClearPass support if have multiple CPPM? What are the difference ?

    Posted Jun 10, 2016 11:45 AM

    thanks for reply.

     

    So 2 CPPM should be configured as publisher/standby publisher, or publisher/subscriber? If enable Virtual IP service, the controller should point to virtual IP address, right? 



  • 4.  RE: What redundancy model does ClearPass support if have multiple CPPM? What are the difference ?

    EMPLOYEE
    Posted Jun 10, 2016 12:11 PM
    There is no such thing as a standby in ClearPass. There is one publisher and
    multiple subscribers. All are active.



    The VIP should be used for the guest captive portal URL. For RADIUS
    authentication, configure both servers individual and enable load balancing.



    Please work with your ClearPass partner on this design.


  • 5.  RE: What redundancy model does ClearPass support if have multiple CPPM? What are the difference ?

    Posted Jul 21, 2017 06:22 PM

    Hi,

     

    The VIP should be used for the guest captive portal URL. For RADIUS authentication, configure both servers       individual and enable load balancing.

    How is the failover addressed in the case of RADIUS authentication? I understand some NAD devices points to node 1 and some point to node 2 for load balancing and redundancy. What happens if node 1 fails? Will all the authentications through NADs pointing to node 1 fail? Do we have to change these NADs to point node 2?

     

    Regards,

    Julián



  • 6.  RE: What redundancy model does ClearPass support if have multiple CPPM? What are the difference ?

    EMPLOYEE
    Posted Jul 21, 2017 06:48 PM

    You have 4 options

    1. Define multiple servers on the NAD and they should fail through
    2. Use a load balancer
    3. Use the virtual IP of ClearPass
    4. Manually change it

     

    1 and 2 are the recommended methods.



  • 7.  RE: What redundancy model does ClearPass support if have multiple CPPM? What are the difference ?

    Posted Jul 21, 2017 06:51 PM

    Very clear, many thanks!

     

    Regards,

    Julián



  • 8.  RE: What redundancy model does ClearPass support if have multiple CPPM? What are the difference ?

    Posted Jul 24, 2017 05:21 PM

    Take a read of the clustering TechNote as well.



  • 9.  RE: What redundancy model does ClearPass support if have multiple CPPM? What are the difference ?

    Posted Jun 11, 2016 01:09 PM
    there's a recent video on the aruba YouTube channel that covers clearpass clusters thay may be helful to you: https://youtu.be/9Vkz6JwKj0Y


    #AirheadsMobile