New Contributor

ClearPass Cluster with more than one VIP for NAD Load-Balancing

Guru Elite

Re: ClearPass Cluster with more than one VIP for NAD Load-Balancing

Let me try to understand:

 

You typically have to create a VIP between two ClearPass nodes when you have a URL that only resolves to a single IP address, like an initial guest page. You make the URL resolve to the VIP address and the redundancy is provided by the VIP between the two servers.

 

On the other hand, if you want to do redundancy for a NAS where you can specify a primary and a secondary IP address for RADIUS servers, you specify the literal IP addresses and not the VIPs. The NAS would manage the redundancy by always choosing the first IP address or load balancing between the two RADIUS servers based on how the NAS is configured. Typically a NAS that does load balancing knows how to detect if a node is "alive" or not. If you choose to point the NAS at VIPs instead, there will be no load balancing, because whichever ClearPass node "owns" the VIP will always take the load.

 

You can choose either way based on your requirements, but if you point a NAS at a VIP, there will be no load balancing at all.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
New Contributor

Re: ClearPass Cluster with more than one VIP for NAD Load-Balancing

Hi, and thanks for the quick reply.

 

I know that using the "real" IP addresses is the common best practice.

To be honest, I just found another thread with the exact same question.

 

https://community.arubanetworks.com/t5/Security/CPPM-Virtual-IP-for-Captive-Portal-and-RADIUS/td-p/267500

 

Regards
