Security

Because of configuration issues on our switches, I setup our CPPM boxes with 2 interfaces on different subnets, but both subnets are carried on the same VLAN.  I've read forum posts here and the tech docs and I didn't see any limitations in doing this, but it's exhibiting odd behavior.  We're seeing the IP address of the data port using 2 MAC addresses, and the IP address of the mgmt port using the same 2 MAC addresses.  Since they are on the same VLAN, it's wreaking havoc on the connecting switches' ARP and MAC tables.

Is there some CPPM configuration that will lock the data port to a MAC and also the mgmt port?

thanks

I'm not surprised you're having issue to be honest as the setup you have isn't recommended. 

Just because it doesn't say you can't do it doesn't mean you should. :)

Mike,

Some people think that having both management port and dataport is mandatory or best-practice.

Unless you have a specific need for it, I would go for just the management port and leave data unconfigured. Reason for that is that having two ports complicates the deployment. Please read the Technote on ClearPass Service Routing if you want to understand the feature. If you don't understand or are unsure, deploy ClearPass on a single interface.

To skip data port configuration during the initial setup, just press Enter on the question for the IP address of the data port. If you already configured the data port IP, remove the values in the server manager.