Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Virtual IP on management and Data Interface

This thread has been viewed 2 times

  • 1.  Virtual IP on management and Data Interface

    Posted Mar 05, 2018 12:15 AM

    Hi all

     

    i have a plan to use data and management port on clearpass publisher, where data port is dmz port for guest portal, since my guest subnet is located on dmz, and management for internal communication (AD, clearpass subs). for HA, i want to ad VIP on both data and management port, but i found this on technote service routing :

     

    "Since the release of CPPM 6.1.1 you can configure VIP addresses pairs concurrently across the Management and Data Interfaces. Prior to 6.1.1 if the server had both Management and Data VIP configured, then the VIP will only work with the data interfaces."

     

    so i cannot use vip on management and data concurrently? any recent update? i am using clearpasss 6.6

     

    thank you



  • 2.  RE: Virtual IP on management and Data Interface

    Posted Mar 05, 2018 04:43 AM
    @john smithwrote:

     

    ...

     

    "Since the release of CPPM 6.1.1 you can configure VIP addresses pairs concurrently across the Management and Data Interfaces. Prior to 6.1.1 if the server had both Management and Data VIP configured, then the VIP will only work with the data interfaces."

     

     

    ...

     Yes, you can according to the technote. :)