you can also achieve good resilience without the HW load-balancer.
This is done by configuring a VIP on ClearPass and your Captive Portal URL and its DNS would resolve to that VIP. and your NADs would be pointing to it as well.
You can do the same thing for RADIUS authentication as well.
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
------------------------------
Original Message:
Sent: Jan 13, 2023 04:50 AM
From: alexs-nd
Subject: Captive portal page resilience
Hi,
We have a guest wifi network using clearpass using a 2 node clearpas cluster. Each cluster node is in a different data center and hence in a different ip address space. The FQDN configured on our mobility controllers resolves to the IP address of the master publisher.
In terms of providing resilience ( case of master publsiher becoming unavailable), I'm guessing front ending the cppm cluster with a hardware load balancer and pointing the captive portal FQDN to its VIP is my only option?
Rgds
Alex