10-15-2014 10:48 AM
We have two ClearPass servers clustered. Their management IP addresses are in different subnets.
The question is failover with Layer 3, as we will not have a VIP. If the publisher fails, how do requests go to the subscriber?
For RADIUS requests, I believe I can have primary/secondary entries. But for guest/captive portal, how does the request get to the secondary server upon failure of the publisher?
10-15-2014 11:57 AM
10-15-2014 06:57 PM
You can also get a little creative if you have MPLS-enabled gear. You could run VRRP for the ClearPass gateway over a VPLS instance. This could achieve shared L3 over MPLS, but it's far less common.
Troy's right, the most popular way to pull this off without the use of the ClearPass Virtual IP is with a dedicated load balancer. That way you can point the URL redirect to the load balancer IP address and let it spray IPs based on its criteria. I've seen people use F5s and very elaborate iRules alongside health checks to guarantee the servers are still responding to pings and HTTP / HTTPS requests.
Hope this helps!
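The health-check-driven failover described in the post above, sketched as an added example that is not from the thread and is not an F5 iRule or ClearPass code. The hostnames, the `/guest/` path and the rise/fall thresholds are assumptions; the point is that a node is only marked down or up after several consecutive probe results, so a single lost probe does not move captive portal traffic.

```python
import urllib.request
from dataclasses import dataclass

@dataclass
class Node:
    name: str
    url: str              # hypothetical portal URL, not from the thread
    rise: int = 2         # consecutive successes needed to mark a node up (assumed)
    fall: int = 3         # consecutive failures needed to mark a node down (assumed)
    healthy: bool = True
    streak: int = 0       # consecutive results that disagree with the current state

    def record(self, ok):
        """Feed one probe result; flip state only after rise/fall consecutive results."""
        if ok == self.healthy:
            self.streak = 0
            return
        self.streak += 1
        if self.streak >= (self.rise if ok else self.fall):
            self.healthy, self.streak = ok, 0

def probe(url, timeout=3.0):
    """HTTPS probe with default certificate verification; any error counts as a failure."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status == 200
    except OSError:
        return False

def pick_portal(nodes):
    """First healthy node in priority order, or None if every node is down."""
    return next((n for n in nodes if n.healthy), None)

def simulate(results):
    """results: one (publisher_ok, subscriber_ok) pair per probe interval."""
    pub = Node("publisher", "https://cppm-pub.example.net/guest/")
    sub = Node("subscriber", "https://cppm-sub.example.net/guest/")
    chosen = []
    for pub_ok, sub_ok in results:
        pub.record(pub_ok)
        sub.record(sub_ok)
        target = pick_portal([pub, sub])
        chosen.append(target.name if target else None)
    return chosen

# Constructed probe results: the publisher fails three intervals, then recovers.
SAMPLE = [(True, True), (False, True), (False, True), (False, True), (True, True), (True, True)]

if __name__ == "__main__":
    print(simulate(SAMPLE))
```

In a live deployment the pairs fed to `record()` would come from calling `probe()` against each node on a timer instead of from `SAMPLE`.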
10-17-2014 09:25 AM - edited 10-17-2014 09:25 AM
Just FYI... at the following link are a bunch of my CPPM TechNotes, there is one there related to CPPM + F5. Might be useful if you pursue a SLB type CPPM deployment.
Snr Tech Marketing Engineer - ClearPass