11-20-2018 10:11 AM - edited 11-21-2018 07:52 AM
11-20-2018 01:46 PM - edited 11-20-2018 01:49 PM
Let me try to understand:
You typically have to create a VIP between two clearpass nodes when you have a URL that only resolves to a single ip address like an initial guest page. You make the URL resolve to the VIP address and the redundancy is provided by the VIP between the two servers.
On the other hand, if you want to do redundancy for a NAS where you can specify a primary and a secondary ip address for radius servers, you specify the literal ip addresses and not the VIPs. The NAS would manage the redundancy by always choosing the first ip address or load balancing between the two radius servers based on how the NAS is configured. Typically a NAS that does load balancing knows how to detect if a node is "alive" or not. If you choose the point the NAS at VIPs, instead, there will be no load balancing, because whichever ClearPass node "owns" the VIP will always take the load.
You can choose either way based on your requirements, but If you point a NAS at a VIP, there will be no load balancing, at all.
*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Re: ClearPass Cluster with more than one VIP for NAD Load-Balancing
11-21-2018 07:28 AM - edited 11-21-2018 07:53 AM
Hi and thanks for quick reply.
I know that using the "real" IP-Adresses is the common best practise.
To be honest, I just found another Thread with the exact same question.