Security

last person joined: 14 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

cant drop clearpass subscriber due to virtual IP settings

This thread has been viewed 17 times

  • 1.  cant drop clearpass subscriber due to virtual IP settings

    Posted Aug 14, 2014 03:32 AM

    got a clearpass cluster (version 6.3.4) of two nodes, a publisher and subscriber. the publisher has failed and no standby publisher is configured. now i would like to drop the subscriber to make it publisher, but im stuck in a catch 22 i believe.

     

    when i click drop subscriber it says "Drop Subscriber is not permitted. Server is part of Virtual IP Settings"

    but when i try to remove the virtual ip settings it says "Modifications are not supported on Subscriber node; please use Publisher node."

     

    also i would like to leave the virtual ip untouched as removing that can cause an interuption.

     

    i found the CLI command cluster make-publisher is that my only option or is there something else to do?



  • 2.  RE: cant drop clearpass subscriber due to virtual IP settings

    EMPLOYEE
    Posted Aug 14, 2014 06:32 AM
    Yes, you should promote to publisher. You should always have an active publisher.


  • 3.  RE: cant drop clearpass subscriber due to virtual IP settings

    Posted Aug 14, 2014 03:01 PM

    ok and via the CLI is the only way to go?

     

    little note for aruba, update the documentation to also say the -f flag is possible for the cluster make-publisher command.



  • 4.  RE: cant drop clearpass subscriber due to virtual IP settings
    Best Answer

    EMPLOYEE
    Posted Aug 14, 2014 03:16 PM
    In this instance, yes.


  • 5.  RE: cant drop clearpass subscriber due to virtual IP settings
    Best Answer

    EMPLOYEE
    Posted Aug 14, 2014 10:08 PM

    In 6.4 the VIP restriction is removed so you don't have to have both servers defined.

     

    I will have to test and see if it will help in your instance.



  • 6.  RE: cant drop clearpass subscriber due to virtual IP settings

    Posted Aug 18, 2014 03:58 AM

    thanks guys, that is enough information for now.