[VIDEO] Using Virtual IP interfaces in a ClearPass Cluster

Retired Employee
Retired Employee

This video will teach you how to set up Virtual IP interfaces on two ClearPass Policy Managers in a cluster. This allows you to have a secondary RADIUS, TACACS+, WebAuth and captive portal options in the event one of the appliances is off-line.


This is a great feature to use when setting up "Intermediate" ClearPass functionality.

Version history
Revision #:
4 of 4
Last update:
‎06-28-2013 07:42 PM
Updated by:
Retired Employee

Michael Caine works for Aruba?!



Great video!


I'm not sure I follow the use case for setting up two VIPs, when the two servers are members of both VIPs but in opposite order. Is this so you can accomplish an active/active setup with failover?

@thecompnerd2 - In short Yes. This would be a very valid use case. You could also look to split certan services across the cluster but know that in the event of a failure, reuests for RADIUS/CaptivePortal or some other process such as AirGroup could still have their requests serviced bu one of the CPPM instances. 

What about setting up VIP1 with CPPM1 and CPPM2, and setting up VIP2 with CPPM3 and CPPM2?  Would that configuration make use of all three servers, and provide functionality regardless of which server failed?

Am I missing something or do both of the CPPM devices need to be on the same subnet? Unlike a netscaler VIP there is nothing in front of the devices to do a ip/mac rewrite. We are trying to do something similar but our CPPM devices are physically located in different datacenters on different subnets. Any thoughts on this? Thanks.


Search Airheads
Showing results for 
Search instead for 
Did you mean: