Cisco NAC3350-PROF-K9 Hardware Installation Guide - Page 127
Before Starting, Supported Hardware and System
View all Cisco NAC3350-PROF-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 127 highlights
Chapter 4 Configuring High Availability (HA) Installing a Clean Access Manager High Availability Pair Note The CAM always uses eth1 as the UDP heartbeat interface. Note When the primary eth1 link has been disconnected and only the serial link remains, the CAM returns a database error indicating that it cannot sync with its HA counterpart, and the administrator sees the following error in the CAM web console: "WARNING! Closed connections to peer [standby IP] database! Please restart peer node to bring databases in sync!!" Warning When connecting high availability (failover) pairs via serial cable, BIOS redirection to the serial port must be disabled for Cisco NAC Appliance CAMs/CASs and any other server hardware platform that supports the BIOS redirection to serial port functionality. See Supported Hardware and System Requirements for Cisco NAC Appliance (Cisco Clean Access) for more information. Note For serial cable connection for HA (either HA-CAM or HA-CAS), the serial cable must be a "null modem" cable. For details, refer to http://www.nullmodem.com/NullModem.htm. The following sections describe the steps for setting up high availability. Note The instructions in this section assume that you are adding a Clean Access Manager to a standalone CAM in order to configure the HA pair for a test network. Before Starting Warning To prevent any possible data loss during database synchronization, always make sure the standby (secondary) Clean Access Manager is up and running before failing over the active (primary) Clean Access Manager. Before configuring high availability, ensure that: • You have obtained a high-availability (failover) license. Note When installing a CAM Failover (HA) license, install the Failover license to the Primary CAM first, then load all the other licenses. • Both CAMs are installed and configured (see Perform the Initial CAM Configuration, page 3-6). • The two CAMs in the HA pair must remain Layer 2 adjacent to support heartbeat and sync functions. • For heartbeat, each CAM needs to have a unique hostname (or node name). For HA CAM pairs, this host name will be provided to the peer, and must be resolved via DNS or added to the peer's /etc/hosts file. • You have a CA-signed certificate for the Service IP of the HA CAM pair. (For testing, you can use the CA-signed certificate of the HA-Primary CAM, but this requires additional steps to configure the HA-Primary CAM's IP as the Service IP). OL-20326-01 Cisco NAC Appliance Hardware Installation Guide 4-7