Requirement:
We might require to change VIP ID from default ID=1 as it may cause conflicts in the network with existing VRRP VRID 1.
Currently the VIP ID is not editable in ClearPass. As a workaround we can create a fake VIP configuration and disable it. After that create the real VIP configuration and keep it active. So the active one will use an ID incremented from 1.
Configure two VIPs as shown below (fake vs active),
In the above configuration, a fake VIP is created with IP 192.168.1.15 for DATA Port and the real VIP for MGMT port is 10.17.164.10.
We can verify the ID of active VIP by collecting server logs and navigating to PolicyManagerLogs >> vip-service. Each VIP will contain it's respective vip-xxxx.cong file as shown below.
vip-3004.conf -------------
ID=1 VIP_ADDRESS=192.168.1.15 PASSWORD=6a477654-153f-4a0b- PRIORITY=0 WAITPERIOD=10 BIND_INTERFACE=eth1
cat vip-3005.conf -----------------
ID=2 VIP_ADDRESS=10.17.164.10 PASSWORD=adfa0955-65e0-4e3f- PRIORITY=0 WAITPERIOD=10 BIND_INTERFACE=eth0
Once the fake VIP is disabled, we will not see the corresponding vip conf file of it. So the Active VIP will use the ID 2 and won't conflict with VRRP ID in the network.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.