Wireless Access

New Contributor

Clearpass publisher/ subscriber

I'm installing a cluster that has 2 nodes. 1 Publisher on the West Coast and 1 Subscriber on the East Coast with a WAN link of 50 Mbps between them. All the info I am researching shows that the Pub and Sub need to be in the same subnet. These 2 will not be in the same subnet. My question is how will redundancy work and would I use the Publisher's IP address on NAD's on the East coast? Would Radius Authentications for NAD's on the West Coast be sent to the Subscriber since it is a worker node? Should I create zones for these so authentications will be sent to closest CP Pub or Sub Server? Or am I understanding Zones wrong.. What would be the best IP address to enter on the NAD's for authentication? that of the publisher?



Thanks in advance.

Frequent Contributor I

Re: Clearpass publisher/ subscriber

Pub and sub do not need to be on same subnet. I have a cluster with the pub in US and subs all around the globe in different L3 nets. You can point your NAD to whatever node makes the most sense and write your policies accordingly. Pub can also service authentications.

Contributor I

Re: Clearpass publisher/ subscriber

Pub & SUB not require in same subnet. if you want to configure VRRP between two CPPM nodes then it should be in same subnet.  Zone is basically require for Clearpass Onguard Client communication and not for NAD. I will recommend you to configure SUB as primary radius for NAD and PUB as secondary because all configuration changes load take care by Publisher so it will better all authentication handle by sub and if Subscriber is unavilable then publisher should handle that requests.



Milind Yashwantrao

New Contributor

Re: Clearpass publisher/ subscriber

Ok, thanks for the recommedations.

New Contributor

Re: Clearpass publisher/ subscriber

Thanks. I think I will plan on pointing the NAD's to whatever is geographically closest.

Search Airheads
Showing results for 
Search instead for 
Did you mean: