Security

Reply
Valued Contributor I

RFC3576 config question.

Hi,

I've got a CPPM cluster that we load balance auth requests to from our mobility controllers. Am I right in assuming that I only need to configure an entry for the master publisher Ip address on the controllers as a 3576 capable server given that any CoA commands will be coming from a gui connected to the master publisher?

 

What do other people do when you've got a load balanced group of clearpass servers and want to mplement CoA ?

Rgds

Alex

Guru Elite

Re: RFC3576 config question.

You should add all of your ClearPass servers as authorized RFC 3576 servers on the controller.


Thanks,
Tim

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Valued Contributor I

Re: RFC3576 config question.

Just to complicate matters, I've got eeach cppm VM set up with 2 network interfaces, the management side is set up on 144.32.128.0/23 while the data side is set up on 144.32.126.0/23. Our load balancer load balances auth-requests over the data interfaces i.e. 144.32.126.xxx

 

Which set of interfaces do I use for the CoA? Data side?

 

A

Guru Elite

Re: RFC3576 config question.

In that case, is should be the data side.

Take a look at this doc:
https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=14011

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: