Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Multiple VIPs on Clearpass Cluster

This thread has been viewed 7 times

  • 1.  Multiple VIPs on Clearpass Cluster

    Posted Apr 16, 2019 06:25 AM

    Hi All

     

    I wanted to spread the load of 802.1X authentications across my Clearpass cluster so I created a second VIP and made my subscriber the primary for the new VIP. Testing went well and all looked fine, but the minute to pointed production authentication taffic at the new VIP all RADIUS authentications on both servers started to timeout. I quickly made my publisher the primary for the second VIP and all returned to normal.

    Is there someting I'm missing with regards to creating a second VIP?

    Clearpass version is 6.7.7

     

    Thanks

     

    Dave



  • 2.  RE: Multiple VIPs on Clearpass Cluster
    Best Answer

    Posted Apr 16, 2019 07:30 AM
    Hi Dave,

    Two VIP's should work without any issue. Advice is to use two VIP's and spread the VIP's over the two clearpass nodes.
    I haven't seen issues with the VIP's in the past. Where all services running, also the VIP and RADIUS service?
    Is there something noted in the event viewer?


  • 3.  RE: Multiple VIPs on Clearpass Cluster

    Posted Apr 30, 2019 06:01 AM

    Checked the event viewer and can see issues with high I/O wait time, looking at vSphere it would appear that it's an issue with disc latency. The hardware is due for eplacement soon so will probably bring the replacement forward.