Security

Might be a silly quesstion..

I've configured our router endpoints to forward dhcp requests not not only to our UoY dhcp server but also the master publisher for each of our two clearpass clusters.

quesiton, do I have to point dhcp requsts at the aster publisher or can I point them at a secondary node as well ? Just thinking of how a cluster might provess inbound dhcp requests if the publisher os offline for some reason

A

You have to configure it to send dhcp packets to both nodes. You have more details of ClearPass behaviour in "ClearPass Profiling Technote".

o.k. onlyversion of that I can find is cppm 6.5 and yes can remeber an endpoint classification checkboc being there at one point but in 6.7 its not there, All I see is as shown in the png file

That would imply that for our production cluster I'd have to send it to 6 servers

Can anyone point me to a clearpass profiling technique doc for 6.7.2?

Can't see any refernece to a checkbox for "allow this node to perform endpoint classification"

You can check the Release Note of CPPM 6.7:

So just to check

If we don't specifiy a primary and secondary master server in zone, the server with the highest UUID gets selected.

If we're pointing dhcp requests at our master publisher but the primary server is one of our secondaries because we haven't set the master server in a zone then does that mean that our dhcp collecctor won't work?

Have tried this on our dev cluster and "stuff happened"  unfortunately a colleague was also doing things at the same time to the device we were using to test this so this is just a check

Just tracked this down as well but many many  thanks for the info

Rgds

Alex