Cisco NAC3350-PROF-K9 Hardware Installation Guide - Page 156

Chapter 4 Configuring High Availability (HA)
Installing a Clean Access Server High Availability Pair

• Untrusted-side Link-detect IP Address (Optional): When an IP address (e.g. for a downstream switch) is optionally entered in this field, the CAS will attempt to ping this address. You can enter the same or different untrusted-side link-detect addresses on both the HA-Primary and HA-Secondary CAS.

  Note: If your network topology restricts Link-detect functionality between your CAS HA pair appliances, you can also use the /etc/ha.d/linkdetect.conf file to enforce Link-detect behavior on your eth0 and/or eth1 interfaces. See Link-Detect Interfaces, page 4-45 for more details.

• Link-detect Timeout (seconds) (Optional): This configures the length of time the CAS will attempt to ping the Trusted-side and/or Untrusted-side Link-detect IP address(es). Enter a time of at least 26 seconds. If the CAS cannot ping the node for the period of time specified, the node is not pingable.

  Note: The standby CAS may still receive heartbeat packets from the active CAS via other available heartbeat interfaces (serial or eth2, for example) even though its eth0 and/or eth1 interface goes down. If the standby CAS relies only on heartbeat timers for stateful failover, the standby CAS would never assume the active role even though the active CAS becomes unable to perform its primary function. With link-based failover configured, the active and standby CAS exchange eth0 and eth1 status via the heartbeat interface, so if one of those two interfaces goes down, the standby CAS can still assume the active role even if the heartbeat from the active CAS does not trigger a failover event. See Choosing External IPs for Link-Based Failover, page 4-22 for additional details.

• [Secondary] Local Host Name: This is filled in by default for the HA-Secondary CAS, as configured under Administration > Network Settings > DNS | Host Name ("rjcas_2" in this example).

• [Secondary] Local Serial No: Filled in by default for the HA-Secondary CAS.

• [Secondary] Local MAC Address (trusted-side interface): Filled in by default; the MAC address of the eth0 interface for the HA-Secondary CAS.

• [Secondary] Local MAC Address (untrusted-side interface): Filled in by default; the MAC address of the eth1 interface for the HA-Secondary CAS.

  Note: You may want to copy and paste the [Secondary] Local Host Name, [Secondary] Local Serial No, and [Secondary] Local MAC Address (trusted/untrusted) values into a text file. These values are needed to configure the HA-Primary CAS.

To enter the HA-Primary CAS information into the form for the HA-Secondary CAS, copy and paste the corresponding fields from the web console of the HA-Primary CAS.

• [Primary] Peer Host Name: Type the host name of the HA-Primary CAS ("rjcas_1" in Figure 4-12). The [Primary] Peer Host Name is case-sensitive and must exactly match the Host Name specified in the peer machine DNS tab (under Administration > Network Settings > DNS | Host Name).

• [Primary] Peer Serial No: The serial number of the HA-Primary CAS. When the HA-Secondary CAS becomes Active, it must use the serial number of the HA-Primary CAS to identify itself to the CAM in order to access the CAS configuration information.

4-36 Cisco NAC Appliance Hardware Installation Guide OL-20326-01
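The link-based failover note above describes a case where heartbeats keep arriving while the active CAS has lost a data interface. The following is an added example, not code from the guide or from the appliance: a simplified model of the standby's decision that contrasts heartbeat-only failover with link-based failover and applies the Link-detect Timeout. All names, the 2-second ping interval, the sample data and the rule that the standby's own link must be healthy are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

MIN_TIMEOUT = 26  # the guide asks for a Link-detect Timeout of at least 26 seconds


@dataclass
class LinkDetect:
    """One link-detect target; 'not pingable' only after `timeout` seconds of failed pings."""
    timeout: int
    first_failure: Optional[int] = None

    def __post_init__(self):
        if self.timeout < MIN_TIMEOUT:
            raise ValueError(f"Link-detect Timeout must be >= {MIN_TIMEOUT} s")

    def observe(self, now: int, ping_ok: bool) -> bool:
        """Record one ping result; return True while the target still counts as pingable."""
        if ping_ok:
            self.first_failure = None  # any successful ping restarts the window
            return True
        if self.first_failure is None:
            self.first_failure = now
        return now - self.first_failure < self.timeout


def standby_takes_over(heartbeat_seen, active_link_ok, standby_link_ok, link_based):
    """Decision on the standby CAS (hypothetical simplification of the behavior in the note)."""
    if not heartbeat_seen:
        return True   # ordinary heartbeat-timer failover
    if not link_based:
        return False  # heartbeat still arrives via serial/eth2: standby stays passive
    # Assumption: the standby only takes over when its own link is healthy.
    return (not active_link_ok) and standby_link_ok


def takeover_time(pings, timeout, link_based):
    """Return the second at which the standby becomes active, or None if it never does.
    `pings` are (second, ping_ok) results for the active CAS's untrusted-side target."""
    detect = LinkDetect(timeout)
    for now, ping_ok in pings:
        active_ok = detect.observe(now, ping_ok)
        # The heartbeat is held up the whole time, as in the scenario the note describes.
        if standby_takes_over(True, active_ok, True, link_based):
            return now
    return None


# Constructed samples, one ping every 2 s over one minute.
OUTAGE = [(t, t < 10) for t in range(0, 61, 2)]         # link lost at t=10, never returns
FLAP = [(t, not 10 <= t < 30) for t in range(0, 61, 2)]  # 20 s outage, shorter than timeout

if __name__ == "__main__":
    print("link-based:", takeover_time(OUTAGE, 26, True))
    print("heartbeat-only:", takeover_time(OUTAGE, 26, False))
    print("flap:", takeover_time(FLAP, 26, True))
```

In this model the standby takes over 26 seconds after the first failed ping when link-based failover is on, and never when only heartbeat timers are used; an outage shorter than the timeout does not trigger a failover.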
