Have you tried configuring static routes for those to use mgmt?
Try this :
network ip add mgmt -d <DestinationIP Address/Subnet Mask> -g <Gateway IP address>
------------------------------
Dustin Burns
Lead Mobility Engineer @Worldcom Exchange, Inc.
ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022-2023
If my post was useful accept solution and/or give kudos
------------------------------
Original Message:
Sent: May 12, 2023 03:15 PM
From: mwfolso
Subject: Question about clustering and using the data port of an individual subscriber
Dustin:
Thanks again!
Thanks!.
I am still left with the issue that I can't successfully send a RADIUS request to the Mgmt port of the Subscriber, a box with the data port active, but can to the Publisher, a system without an active data port. The connection attempt doesn't even show up in the Access Tracker. Please note the Mgmt ports of both systems are on the same subnet.
Thanks again -
Mike
Original Message:
Sent: May 11, 2023 07:46 PM
From: DB86
Subject: Question about clustering and using the data port of an individual subscriber
1) when you create a cluster like this do the services and sources you create on the Publisher automatically get pushed out to the Subscriber along with Certs, Roles, Endpoints and etc? I have a situation where a simple radius test client (NTRadPing) can successfully authenticate against the Publisher but not the Subscriber, the system with an active data interface. The test client says that it doesn't even get a response from the Mgmt interface of the Subscriber.
The publisher will push the policy configurations down to the subscriber. You need to install the certificate on the subscriber, either from the Publisher when added, or standalone. If your using Active directory for an auth source, you need to join both nodes to the domain separately
------------------------------
Dustin Burns
Lead Mobility Engineer @Worldcom Exchange, Inc.
ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022-2023
If my post was useful accept solution and/or give kudos
Original Message:
Sent: May 11, 2023 06:49 PM
From: mwfolso
Subject: Question about clustering and using the data port of an individual subscriber
I have a small development cluster, right now 1 publisher and 1 subscriber, both C1000's, and I am trying to drop the data port of the subscriber into an isolated network segment that doesn't have access to any directory or authentication sources. This cluster is relatively new and is running 6.11.2. With that background I have a couple of questions:
1) when you create a cluster like this do the services and sources you create on the Publisher automatically get pushed out to the Subscriber along with Certs, Roles, Endpoints and etc? I have a situation where a simple radius test client (NTRadPing) can successfully authenticate against the Publisher but not the Subscriber, the system with an active data interface. The test client says that it doesn't even get a response from the Mgmt interface of the Subscriber.
2) When you use the data port of a subscriber does the functionality of that system's Mgmt port change? Meaning can the Mgmt interface and the data interface both answer radius requests on a subscriber where both interfaces are active?
Thanks for any help on this -
Mike