Cisco NAC3350-PROF-K9 Hardware Installation Guide - Page 158
Installing a Clean Access Server High Availability Pair
Chapter 4 Configuring High Availability (HA)

• Heartbeat Timeout (seconds): Choose a value greater than 15 seconds.

Note: To avoid a potentially serious network issue where two CASs deployed as an HA pair reboot at the same time (in the event of power returning after an outage, for example) and both come up as the active CAS in the HA pair, Cisco recommends setting the Heartbeat Timeout to a value greater than 30 seconds. The possible network implication in this scenario is that the two "active" CASs can introduce a Layer 2 broadcast loop that almost immediately brings down the network. Another method you can use to avoid this scenario is to ensure you use an additional Ethernet interface link (eth2, eth3) for heartbeat monitoring between your CAS HA pair nodes. See Heartbeat UDP Interface 2 and Heartbeat UDP Interface 3, above, and Configuring Additional NIC Cards, page 3-37, for more information.

• Update: Click to update the HA configuration information for the CAS without rebooting it.

• Reboot: This is used to reboot the CAS at the end of HA-Primary CAS configuration. (Do not click Reboot at this point.)

d. Configure the SSL Certificate

7. Now configure the SSL certificate for the HA-Secondary CAS. Navigate to Administration > SSL > X509 Certificate and perform one of the following procedures:

If using a temporary certificate for the HA pair:
a. Click Browse and navigate to the location on your local machine where you have saved the temporary certificate and Private Key you previously exported from the HA-Primary CAS.
b. Select the certificate file and click Import.
c. Repeat the process to import the Private Key.

If using a CA-signed certificate for the HA pair:
a. Click Browse and navigate to the location on your local machine where you have saved the CA-signed certificate you received from your Certificate Authority and the associated Private Key you exported from the HA-Primary CAS and saved to your local machine.
b. Select the CA-signed certificate file and click Import.
c. Repeat the process to import the Private Key.

For more information, see the "Manage CAS SSL Certificates" section in the Cisco NAC Appliance Clean Access Server Configuration Guide, Release 4.8(3).

e. Reboot the HA-Secondary CAS

8. From the CAS direct access interface (Network Settings > Failover > General), click the Reboot button to reboot the Clean Access Server.

Connect the Clean Access Servers and Complete the Configuration

1. Shut down the HA-Primary CAS machine and connect the rjcas_1 and rjcas_2 machines using a serial null modem cable (connecting available serial ports) and/or a crossover cable (connecting Ethernet ports if using a pair of Ethernet interfaces such as eth2 or eth3 for failover).

4-38 Cisco NAC Appliance Hardware Installation Guide OL-20326-01