Security

Reply

CPPM - Authentication requests: load balance or not?

Hi community,

I have a customer who has purchased two C1000 ClearPass appliances, just for redundancy, so I will create a cluster of two nodes, both if the same L2 segment. The number of users to be authenticated is very small, no more than 200 concurrent users, so the two nodes will be sharing 200 Access licenses. For the wireless side I have a cluster of IAPs. In this case where the number of users is very small and the ClearPass nodes can handle with no problems the authentication requests, is it better if I configure my Instant cluster to load balance the traffic between the two ClearPass nodes (active-active) or to send all the traffic to one node and let the other node as backup in case the primary node fails (active-standby)? Both options will work, which one is better?

Regards,
Julián
Guru Elite

Re: CPPM - Authentication requests: load balance or not?

Active/Standby is much easier to troubleshoot if you don't need to load balance due to "load".  My opinion and my opinion alone.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars

Re: CPPM - Authentication requests: load balance or not?

Hi,

 

And it makes sense, thank you!

 

Regards,

Julián

Occasional Contributor I

Re: CPPM - Authentication requests: load balance or not?

If you are planning to use Active/Standby then I would also suggest to configure VIP in ClearPass to control fail-over from ClearPass setup itself.

 

Regards,

Pranav

Highlighted
Guru Elite

Re: CPPM - Authentication requests: load balance or not?

The VIP is clearpass is designed for when you can only point the authentication to a single ip address, like redirecting to the Captive Portal page.  The VIP in ClearPass is not necessarily fast to fail over  so load balancing or active/standby in Instant is better suited for high availability than the ClearPass VIP.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: