Security

last person joined: 14 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Virtual IP Issue

This thread has been viewed 0 times

  • 1.  Clearpass Virtual IP Issue

    Posted Apr 17, 2014 01:02 AM

    Hi Guys. 

     

    I have configured a virtual IP between two Clearpass Apliances with the following settings:

     

    *Clearpass Onboard acting as main AAA server and captive portal for BYO Devices.

    *Virtual IP settings:

    • Primary Node: Publisher CCPM
    • Secondary Node: Subscriber CPPM 
    • Both with the MGMT Interface. 
    • DNS Record in the network is configured to point to the virtual IP address. 

     

    When Primary Nodes fails (and publisher CCPM) the following happens:

    • The secondary node accepts dot1x authentication requests and works without any problems. BYO Devices can authenticate to the wireless network without issues. 
    • But Captive portal page is redirected to the /agen/portal and not to the onboard page.

     

    I have the following questions:

     

    Does Virtual IP provides full redundancy for Onboard and Guest services?

    Is this an expected behaviour?

    In the old amigopod architecture, I remember that Virtual IP setup provided full captive portal redundancy. 

     

    Kind Regards, 

     

    Liquidfunk.

     

     

     

     

     

     

     



  • 2.  RE: Clearpass Virtual IP Issue

    EMPLOYEE
    Posted Apr 17, 2014 02:13 AM
    The VIP will only do full fail over if you have auto promote turned on to make the subscriber the new publisher. Only the publisher can add new guests or onboarding.