Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Virtual IP

This thread has been viewed 0 times

  • 1.  Virtual IP

    Posted Nov 21, 2016 11:28 AM

     

    Hi,

     

     We have an scenario with 3 ClearPass Servers, can we use the VIP for all the servers? or it is just for a pair of servers scenario?

     

    Regards,

    Ivan Vera



  • 2.  RE: Virtual IP

    MVP EXPERT
    Posted Nov 21, 2016 12:10 PM

    You can configure two nodes in a cluster to share a Virtual IP address. The Virtual IP address is bound to the primary node by default. The secondary node takes over when the primary node is unavailable.



  • 3.  RE: Virtual IP

    Posted Nov 21, 2016 12:14 PM

    Hi, 

     

     What if I want to configure a Captive Portal and I have 3 servers. On the IAP you can set just 2 servers, what happend if both are down, how is the IAP know the IP address of the 3rd server?



  • 4.  RE: Virtual IP

    MVP EXPERT
    Posted Nov 21, 2016 12:22 PM

    I believe the max you can have is 2 auth servers per SSID and 1x Captive Portal per SSID profile on the IAP. You can however have more than 1 Captive Portal returned via an User Role from the CPPM. The way I know how to do it would be to configure 3x User Roles each with a different Captive Portal in them on the IAP.

     

    For example
    CPPM1 = UserRole1

    CPPM2 = UserRole2

    CPPM3 = UserRole3

     

    You'd need a MAC auth service to accept the initial request and generate a RADIUS request to the CPPM. Depending which CPPM repsonds to the MAC auth, it can return the value of 1 of the 3 User Roles. The from here you have your Captive Portal specified in each User Role.


    Hope this makes sense :)