Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

Clearpass publisher/ subscriber

  • 1.  Clearpass publisher/ subscriber

    Posted Apr 06, 2017 04:36 PM

    I'm installing a cluster that has 2 nodes: 1 Publisher on the West Coast and 1 Subscriber on the East Coast, with a WAN link of 50 Mbps between them. All the info I am researching shows that the Pub and Sub need to be in the same subnet. These 2 will not be in the same subnet. My question is how will redundancy work, and would I use the Publisher's IP address on NADs on the East Coast? Would RADIUS authentications for NADs on the West Coast be sent to the Subscriber since it is a worker node? Should I create zones for these so authentications will be sent to the closest CP Pub or Sub server? Or am I understanding Zones wrong? What would be the best IP address to enter on the NADs for authentication? That of the publisher?

    Thanks in advance.



  • 2.  RE: Clearpass publisher/ subscriber

    Posted Apr 06, 2017 04:49 PM
    Pub and sub do not need to be on the same subnet. I have a cluster with the pub in the US and subs all around the globe in different L3 nets. You can point your NAD to whatever node makes the most sense and write your policies accordingly. The pub can also service authentications.


    #AirheadsMobile


  • 3.  RE: Clearpass publisher/ subscriber

    Posted May 17, 2017 02:45 PM

    Thanks. I think I will plan on pointing the NADs to whatever is geographically closest.



  • 4.  RE: Clearpass publisher/ subscriber
    Best Answer

    Posted Apr 10, 2017 02:43 AM

    The Pub & Sub are not required to be in the same subnet. If you want to configure VRRP between two CPPM nodes, then they should be in the same subnet. Zones are basically required for ClearPass OnGuard client communication and not for NADs. I would recommend you configure the Sub as the primary RADIUS server for the NAD and the Pub as secondary, because the load of all configuration changes is taken care of by the Publisher, so it will be better if all authentication is handled by the Sub, and if the Subscriber is unavailable then the Publisher should handle those requests.

    Regards,

    Milind Yashwantrao



  • 5.  RE: Clearpass publisher/ subscriber

    Posted May 17, 2017 02:44 PM

    Ok, thanks for the recommendations.