Security

 View Only
  • 1.  New subscriber in existing clearpass Setup

    Posted Mar 05, 2024 01:33 AM

    Hi , 

    We are running with two cleapass configured under virtual IP address , Now we are planning to add a new subscriber .

    What is the procedure for adding the new one .

    Version : 6.10.8

    I am Quite new to cleapass 



  • 2.  RE: New subscriber in existing clearpass Setup

    Posted Mar 05, 2024 02:33 AM

    Hi

    The general process for adding a node to a cluster is:

    1. Install the server  and add PAK license
    2. Update with to the same version as the cluster
    3. Make sure port openings are in place if the servers are on different subnets with firewall between
    4. Navigate to Administration\Server Manager\Server Configuration. Click the link "Make Subscriber" in the upper right corner
    5. Provide the MGMT interface IP address of the Publisher and the cluster password. It's the password for appadmin

    But in your case I would highly recommend to instead plan and execute a migration to ClearPass 6.11.x or 6.12.x, as the support for 6.10.x is scheduled to expire on 2024-04-30.

    Depending on how old your old current servers are and if they was bought with the old license model or the new one introduced with version 6.7 around late 2017 you need to buy a conversion from old SKU's to new to be able to get support after 2024-04-30. If your initial servers are from 2018, maybe also early 2019, they may be either bought under the legacy license model or the new license model.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 3.  RE: New subscriber in existing clearpass Setup

    Posted Mar 07, 2024 12:40 PM

    Thanks for the detailed explanation , In licensing window could see license are added on june 2021 . So we are good on license part right ?




  • 4.  RE: New subscriber in existing clearpass Setup

    Posted Mar 11, 2024 07:29 AM

    That doesn't tell too much. ClearPass has a platform license (PAK) that is needed one each for your ClearPass servers. So if you have 2 servers now that are activated with a PAK and you want to add a third server, that would need an additional PAK for that server.

    Access/Onboard/OnGuard licenses are shared within the cluster, so unless you expand to allow more clients to connect, these may be sufficient; but are independent from the PAK.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------