I'm installing a cluster that has 2 nodes. 1 Publisher on the West Coast and 1 Subscriber on the East Coast with a WAN link of 50 Mbps between them. All the info I am researching shows that the Pub and Sub need to be in the same subnet. These 2 will not be in the same subnet. My question is how will redundancy work and would I use the Publisher's IP address on NAD's on the East coast? Would Radius Authentications for NAD's on the West Coast be sent to the Subscriber since it is a worker node? Should I create zones for these so authentications will be sent to closest CP Pub or Sub Server? Or am I understanding Zones wrong.. What would be the best IP address to enter on the NAD's for authentication? that of the publisher?
Thanks in advance.
Thanks. I think I will plan on pointing the NAD's to whatever is geographically closest.
Pub & SUB not require in same subnet. if you want to configure VRRP between two CPPM nodes then it should be in same subnet. Zone is basically require for Clearpass Onguard Client communication and not for NAD. I will recommend you to configure SUB as primary radius for NAD and PUB as secondary because all configuration changes load take care by Publisher so it will better all authentication handle by sub and if Subscriber is unavilable then publisher should handle that requests.
Ok, thanks for the recommedations.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.