Hi All,
Somewhere in the past I saw a line stating that OnGuard persistent agent needs to communicate only by physical IP against ClearPass server. But, I forgot where it is, I tried searching at ClearPass OnGuard Troubleshooting page and OnGuard In A Cluster Tech Notes, couldn't get any luck.
I have a case where we are doing migration of clearpass hardware. In the OnGuard settings > Policy Manager Zones we have an overriding FQDN which basically resolves to VIP. This VIP is configured in ClearPass's Virtual IP Setting under the Server Manager > Server Configuration.
Prior to migration, this VIP is in front of IP A and IP B, after migration to IP C and IP D (all respectively a.k.a. in order).
Some clients 'gets affected' after migration where at the Health Log we see the ClearPass IP reachable is IP B (which indeed was not there anymore and already 'replaced' by the IP D. We checked the agent.conf file, there is no IP B there (since it's already after migration, no more IP A and IP B).
Straight to the question, does the OnGuard have some cache so it somehow still remembers there is this IP B.
And, after all, is using a VIP as the OnGuard IP a recommendation by Aruba ?
Thanks all.
Cheers.