Cisco NAC3350-PROF-K9 Hardware Installation Guide - Page 140
Service IP, Address, List of Servers,
View all Cisco NAC3350-PROF-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 140 highlights
Installing a Clean Access Server High Availability Pair Chapter 4 Configuring High Availability (HA) Untrusted network Figure 4-9 Clean Access Server Example High-Availability Configuration Service IP (untrusted-side) 10.201.50.243 Primary CAS (rjcas_1) eth1 (10.201.50.240) link detect (icmp req) Secondary CAS (rjcas_2) eth1 (10.201.50.241) link detect (icmp req) Heartbeat UDP Interface 1 eth0 (10.201.2.111) (Optional) Heartbeat UDP Interface 2 or 3 (Optional) Heartbeat UDP Interface 2 or 3 Service IP (trusted-side) 10.201.2.112 Heartbeat UDP Interface 1 eth0 (10.201.2.110) Trusted network 195813 Note "Primary/Secondary" denotes the server mode when it is configured for HA. "Active/Standby" denotes the runtime status of the server. When first configuring the HA peers, you must specify an HA-Primary CAS and HA-Secondary CAS. Initially, the HA-Primary is the active CAS, and the HA-Secondary is the standby (passive) CAS. If a failover event occurs, such as the active CAS shuts down or stops responding to the peer's heartbeat signal, the standby assumes the role of the active CAS. Note If both the HA-Primary and HA-Secondary CASs in your HA deployment lose their configuration, you can restore the system using the guidelines in the "Restoring Configuration from CAM Snapshot In HA Deployment" section in the Cisco NAC Appliance - Clean Access Manager Configuration Guide, Release 4.8(3). When the CAS starts up again, it checks to see if its peer is active. If the peer is active, the starting CAS becomes the standby. If the peer is not active, then the starting CAS assumes the active role. Typically, Clean Access Servers are configured as an HA pair at the same time, but you can add a new Clean Access Server to an existing standalone CAS to create a high-availability pair. In order for the pair to appear to the network and to the Clean Access Manager as one entity, you must specify a Service IP Address for the trusted interface (eth0) and a Service IP address for untrusted interface (eth1) of the pair. Use the Service IP of the CASs to add the CAS to the CAM. Figure 4-10 shows how the active CAS of a high-availability pair is displayed in brackets next to the Service IP for the pair in the List of Servers in the CAM web console. In addition, either the trusted or untrusted interface Service IP address should be used to generate the SSL certificate. 4-20 Cisco NAC Appliance Hardware Installation Guide OL-20326-01