Not fully sure what you try to do, but Virtual IP has to be in the same subnet as the interface IP.
If you have 4 servers in different IP subnets, you can't use virtual IP between them.
You can still have redundancy by using backup radius servers, or even better external network load balancers that do provide the redundancy and load balancing.
This may be a topic to better discuss in person with your Aruba Partner or local Aruba SE, to make sure that you fully understand what can be done.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Nov 16, 2023 02:22 PM
From: Miguel de Paula
Subject: Cluster with different networks and a new publisher
I have a question now, if you can help me.
I would continue with my 4 CPPM servers on different networks so that each request seeks the internal server and not externally.
However, I would like to leave either my VIP or a secondary one as redundancy. If they are in different subnets, can I still have cluster redundancy?
Original Message:
Sent: Nov 14, 2023 09:38 AM
From: jonas.hammarback
Subject: Cluster with different networks and a new publisher
Hi
- No it's no problem to have the ClearPass servers on different subnets. It's normal if the servers are located in different locations or countries. You need to make sure that all the machines can communicate with each other if there are firewalls between them.
- After you have added the three new machines to the cluster you can move the Publisher role to one of the new machines.
How are you utilizing the VIP address? A VIP can only be on the same IP subnet as the interface of the server(s) IP addresses. So if you have one server on one subnet this server can have a VIP, but this VIP address can't move to any other servers. Do be able to move a VIP between servers they must be on the same IP subnet, but this subnet can be stretched over several locations.
------------------------------
Best Regards
Jonas Hammarbäck
MVP 2023, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACDP , ACEP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
Original Message:
Sent: Nov 14, 2023 08:54 AM
From: Miguel de Paula
Subject: Cluster with different networks and a new publisher
Hello everyone, I would like to ask two questions.
1 - I have 1 C1000 VM and now I will add 3 more to form a cluster. My first doubt is that they are different networks, but they talk to each other. Would there be any problem forming the cluster with totally different networks?
2 - The second question is that I would like to use one of the 3 new VMs to be my main one and even my VIP would be on the same network as one of these 3 new ones. Can I change my main one to the 3 new ones instead of using my existing one?
I don't know if I was very clear, but thank you in advance.