3 weeks ago
I'm installing a cluster that has 2 nodes: 1 Publisher on the West Coast and 1 Subscriber on the East Coast, with a WAN link of 50 Mbps between them. All the info I am researching shows that the Pub and Sub need to be in the same subnet. These 2 will not be in the same subnet. My question is how will redundancy work, and would I use the Publisher's IP address on NADs on the East Coast? Would RADIUS authentications for NADs on the West Coast be sent to the Subscriber since it is a worker node? Should I create zones for these so authentications will be sent to the closest CP Pub or Sub server? Or am I understanding zones wrong? What would be the best IP address to enter on the NADs for authentication? That of the Publisher?
Thanks in advance.
3 weeks ago - last edited 3 weeks ago
The Pub and Sub are not required to be in the same subnet. If you want to configure VRRP between two CPPM nodes, then they should be in the same subnet. Zones are basically required for ClearPass OnGuard client communication and not for NADs. I would recommend you configure the Sub as the primary RADIUS server for the NADs and the Pub as secondary, because the load of all configuration changes is taken care of by the Publisher, so it will be better for all authentication to be handled by the Sub, and if the Subscriber is unavailable then the Publisher should handle those requests.