Dear all expers,
I'm implementing clearpass with these solution:
1. Have 2 clearpass VA-25K , each VA-25 is separately running on different ESXi host like this.
ESXi(1) ESXi(2)
CPPM-1 CPPM-2
IP: 1.1.1.1 (Publisher) 1.1.1.2 (Subscriber)
2. I made CPPM-2 to be subscriber of CPPM-1 and at CPPM-1, i configured "TRUE" for standby Publisher and point Standby Subscriber to "CPPM-2" and configure Wait time to 5 min.
3.After that on Dashboard of both CPPMs, CPPM-1 was Publisher and CPPM-2 was Subscriber.
4. I took out LAN cable of CPPM-1, after that around 8-9 mins, CPPM-2 was changed to Publisher role.
5. I pushed CPPM-1 LAN cable back and CPPM-1 role was Publisher but it pop-up me with warning that we must reset database of CPPM-1 and re-join again.
If
5.1 I reset cluster database on CPPM-1 and re-join again with Subscriber role. Then it's work fine but CPPM-2 will be Publisher and CPPM-1 will be Subscriber. However i click on CPPM-1 to "Promote to Publisher" then CPPM-1 was changed to Publisher and CPPM-2 was changed to Subscriber.
For (5.1) , it's work fine.
On the other hand,If
5.2 I reset cluster database on CPPM-2 and re-join with subscriber role to CPPM-1. It can't work and when i run CLI "cluster make-subscriber -i ..." on CPPM-2 , i showed me like CPPM-2 can't addSubscriber , try again... something like that.
So i'm not sure for the correct concept , when CPPM-1 (Publisher) is down and CPPM-2 take Publisher. How should we do when CPPM-1 come back?
Thanks ..