ClearPass Load Balancing Questions w/ F5
07-19-2019 10:48 AM
I'll preface this by stating that I'm not an F5 expert by any means.
I've skimmed through the F5 technote, but there are a few things that remain unclear to me. I'm hoping someone else here has experience with using ClearPass behind F5s in their environment.
I understand that persistence is needed on http/https for captive portal, and also for radius accounting to work properly, but is there truly any need for persistence on port 1812 for radius authentication only?
We've set up health checks on the F5 as per the technote, so we'll know when a node is out of service. When a ClearPass node goes down, what is the recommended "Action on Service Down" on the F5 side? We have options for none, drop, reject, and reselect.
Lastly, I've noticed in ClearPass version 6.8.1 that there is a new behavior:
If a policy server is unresponsive or crashes, ClearPass now automatically drops the packets and does not send an Access-Reject to the network access device (NAD). (CP‑22851)
How would this affect our configurations on the load balancer side?
Any insight would be appreciated.