Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Load Balancing across Clearpass Servers

  • 1.  Load Balancing across Clearpass Servers

    Posted Aug 08, 2014 09:35 AM

    Hi:

    I have two Clearpass servers, but all requests from my Aruba controllers are going to the publisher Clearpass server.

     

    How do I point different controllers to different CPPM servers, so that the subscriber Clearpass does some of the work?

     

    Thanks,

    Tony

     



  • 2.  RE: Load Balancing across Clearpass Servers

    EMPLOYEE
    Posted Aug 08, 2014 09:38 AM
    You have three options:


    1) If you're using AOS 6.4, check the RADIUS load balancing box in the server-group config.

    2) If you're not using AOS 6.4, create two server groups, one with server A in slot 1 and Server B in slot 2, and then in the second server group flip them. Then assign these to different AP groups.

    3) Use a hardware load balancer.


  • 3.  RE: Load Balancing across Clearpass Servers

    Posted Aug 08, 2014 10:02 AM

    Hi Tim:

    Thanks for the reply.

     

    I'm still using a few 3400 controllers, so I'm on 6.3.

     

    To use the second option you mentioned, am I correct in understanding that I would

     

    Create a new server group with the order of CPPM servers swapped

    Create a new aaa profile that uses the new server group as the dot1x-server-group

    Assign the new aaa profile to a wlan virtual-ap?

     

    Thanks,

    Tony

     

     

     



  • 4.  RE: Load Balancing across Clearpass Servers
    Best Answer

    EMPLOYEE
    Posted Aug 08, 2014 10:08 AM
    Right. I actually left out a step or two.

    You would need to duplicate both your AAA profile and your virtual-ap profile and then set the second variation of the server-group in the duplicate. So it would look something like this:

    SSID1_vap-profile-a
    Aaa-profile dot1x-A
    Server-group clearpass-A

    SSID1_vap-profile-b
    Aaa-profile dot1x-B
    Server-group clearpass-B


    It's a pain to set up at first, but it works.
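
The setup described in replies 2 through 4, written out as ArubaOS 6.x CLI. This is an added example, not part of the original posts: the RADIUS server names (cppm-publisher, cppm-subscriber), the ssid-profile name and the AP group names are assumptions, and both authentication-server entries are assumed to be defined already.

```text
! Two server groups containing the same two ClearPass servers in opposite order.
! The first server listed is tried first; the second remains as fail-over.
aaa server-group "clearpass-A"
   auth-server cppm-publisher
   auth-server cppm-subscriber
!
aaa server-group "clearpass-B"
   auth-server cppm-subscriber
   auth-server cppm-publisher
!
! Duplicate the existing AAA profile; only the 802.1X server group differs.
! All other settings are copied unchanged from the original profile.
aaa profile "dot1x-A"
   dot1x-server-group "clearpass-A"
!
aaa profile "dot1x-B"
   dot1x-server-group "clearpass-B"
!
! Duplicate the virtual AP; both variants broadcast the same SSID.
wlan virtual-ap "SSID1_vap-profile-a"
   aaa-profile "dot1x-A"
   ssid-profile "SSID1"
!
wlan virtual-ap "SSID1_vap-profile-b"
   aaa-profile "dot1x-B"
   ssid-profile "SSID1"
!
! Assign each variant to a different AP group so the authentication load is split.
ap-group "building-1"
   virtual-ap "SSID1_vap-profile-a"
!
ap-group "building-2"
   virtual-ap "SSID1_vap-profile-b"
```

Because each server group still lists both servers, either ClearPass node can take over for the other if it stops responding.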