Working on an 8.2 environment with an MM cluster and an MD cluster, both of two nodes. I set up VRRP between the MDs for the APs to connect to initially, and set up the MD cluster with two VRRP IPs, which, from what I picked up from the documentation and here, is needed for CoA.
So one MD has three active IPs and one MD has two active IPs.
MD #1
10.3.22.31 - node IP
10.3.22.41 - cluster VRRP IP
10.3.22.30 - MD VRRP IP (for APs)
MD #2
10.3.22.32 - node IP
10.3.22.42 - cluster VRRP IP
show vrrp looks good, the IPs are active where I expect them.
The cluster looks good, L2 connected.
When a client connects it ends up on one of the MDs, and if I turn off that MD it eventually shows up on the other MD.
So, on to CoA: first of all, am I correct that these extra IPs are needed so that CoA remains working when a client moves to another MD? Which in principle only happens after a device failure, right?
I configured the RADIUS server profile with the NAS IP set to 10.3.22.41 on MD #1 and 10.3.22.42 on MD #2.
With this setup I can bounce a client from ClearPass (6.6) on either MD.
Now when I turn off one MD the client moves, but I'm unable to perform the CoA. ClearPass doesn't let me (the CoA option is greyed out; it was fine before turning off the MD, and I repeated this test several times). It has in some way detected that the MD is different or such.
Has anyone experienced the same? (In itself the last part might be more of a question for the Security forum, but it seems the ArubaOS 8 MD cluster function is the basis of this issue.)