Security

I set an enforcement profile to update attributes value of endpoints using ClearPass OnGuard. 

For example, I made an attribute named "health status". And when OnGuard agent's status is healthy, the endpoint's "health status" is "Healthy".

 

 

Today, my CPPM server had some problem and so I turned off the publisher. 

Then, all services(RADIUS, TACACS, 802.1x, etc) worked well. But it couldn't update the "health status" of the endpoints. 

 

Now, I wonder if the subscriber can't update any attribute of endpoints.  

 

Thanks. 

Only the publisher has write access to the database. The publisher should never be down.

or you promote your subscriber as a publisher...

Thanks, Tim.

 

But I made some services and role by these attributes.

Is there any recommendation if my publisher has the problem like today?

 

While I recover or troubleshoot my publisher, some services can't work unless the attributes are updated. 

What exactly was happening with your publisher? Do you have a TAC case open?

I did.
My publsher didn't answer from any requests.
And I found CPU load was nearly 100%.
After rebooting, it worked well. But some services didn't work while rebooting.

I'd like to prevent like this issue in future.

A publisher has to be up at all times to do database writes (post auth endpoint updates, Guest creation, device registration, Onboarding, etc)

Authentication will continue if the publisher is down, but anything that requires a write, will not function.

Thanks. I got it.


#AirheadsMobile

Thanks. I got it.


#AirheadsMobile