Hi Douglas,
Configuring a VIP for the two servers on L2 would not load-balance them, but rather build redundancy, as it would automatically fail over to the standby when the active is no longer reachable. This would be done on ClearPass; nothing would be required to change on the switches/controllers pointing to the VIP. If you're looking for load-balancing or distributing the authentications, you would either have to set up a load-balancing appliance or use the local server on those local pieces of equipment. For our environment, we have a local CPPM server at each large campus which is primary for those switches/controllers, followed by the data center, and so on. We simply adjust the RADIUS and/or TACACS groups on the network devices with a different order depending on where we want the authentications to primarily go to. In this case, if the primary server becomes unreachable, it's up to the network device to fail to the next - typically these options are configurable.
Thanks.
------------------------------
Michael Haring
AirHeads MVP 2017, 2019-2021
------------------------------
Original Message:
Sent: Aug 05, 2021 03:45 PM
From: Douglas Ullman
Subject: CPPM Preferred Servers
Hello,
I have a 4-node CPPM cluster deployed in our international data centers (EU, Australia, and North America). Latency is OK to sync the DBs across. We are using the CPPM server for authentication to our wireless network as well as wired and logins into our switches (2930s) and controllers.
In the controller, I can adjust the order in the AAA profile. Is there a way to set CPPM server preference for those switches? I do have a L2 connection for our DCs in NA, so would it be appropriate to set up a VIP with just the 2 NA servers and let CPPM handle the load balancing?
Thank you for the input!
Doug Ullman
------------------------------
Douglas Ullman
------------------------------