Cisco NAC3350-PROF-K9 Hardware Installation Guide - Page 152

Installing a Clean Access Server High Availability Pair Chapter 4 Configuring High Availability (HA) Note Cisco strongly recommends you do not use the serial interface on the NAC-3315/3355/3395 for the HA heartbeat function. Although this element still appears in the CAM web console, the Heartbeat Serial Interface feature is being deprecated in a future Cisco NAC Appliance release. (The associated Heartbeat Timeout value remains a valid configuration point, however, for deployments using optional Heartbeat UDP interfaces 2 and 3.) • Heartbeat Timeout (seconds): Choose a value greater than 15 seconds. Note To avoid a potentially serious network issue where two CASs deployed as an HA pair reboot at the same time (in the event power returning after an outage, for example) and both come up as the active CAS in the HA pair, Cisco recommends setting the Heartbeat Timeout to a value greater than 30 seconds. The possible network implication in this scenario is that the to "active" CASs can introduce a Layer 2 broadcast loop that almost immediately brings down the network. Another method you can use to avoid this scenario is to ensure you use an additional Ethernet interface link (eth2, eth3) for heartbeat monitoring between your CAS Ha pair nodes. See Heartbeat UDP Interface 2 and Heartbeat UDP interface 3, above and Configuring Additional NIC Cards, page 3-37, for more information. • Update: Click to update the HA configuration information for the CAS without rebooting it. • Reboot: This is used to reboot the CAS at the end of HA-Primary CAS configuration. (Do not click Reboot at this point.) d. Configure the SSL Certificate 7. Now configure the SSL certificate for the HA-Primary CAS. Navigate to Administration > SSL > X509 Certificate. Figure 4-15 Administration > SSL > X509 Certificate 4-32 Cisco NAC Appliance Hardware Installation Guide OL-20326-01