Table of Contents
Advertisement
Chapter 4
Configuring High Availability (HA)
Note
When the primary eth1 link has been disconnected and only the serial link remains, the CAM returns a
Note
database error indicating that it cannot sync with its HA counterpart, and the administrator sees the
following error in the CAM web console: "WARNING! Closed connections to peer [standby IP]
database! Please restart peer node to bring databases in sync!!"
Warning
When connecting high availability (failover) pairs via serial cable, BIOS redirection to the serial port
must be disabled for Cisco NAC Appliance CAMs/CASs and any other server hardware platform that
supports the BIOS redirection to serial port functionality. See
Requirements for Cisco NAC Appliance (Cisco Clean Access)
Note
For serial cable connection for HA (either HA-CAM or HA-CAS), the serial cable must be a "null
modem" cable. For details, refer to http://www.nullmodem.com/NullModem.htm.
The following sections describe the steps for setting up high availability.
Note
The instructions in this section assume that you are adding a Clean Access Manager to a standalone
CAM in order to configure the HA pair for a test network.
Before Starting
To prevent any possible data loss during database synchronization, always make sure the standby
Warning
(secondary) Clean Access Manager is up and running before failing over the active (primary) Clean
Access Manager.
Before configuring high availability, ensure that:
•
Note
•
•
•
•
OL-20326-01
The CAM always uses eth1 as the UDP heartbeat interface.
You have obtained a high-availability (failover) license.
When installing a CAM Failover (HA) license, install the Failover license to the Primary CAM
first, then load all the other licenses.
Both CAMs are installed and configured (see
The two CAMs in the HA pair must remain Layer 2 adjacent to support heartbeat and sync functions.
For heartbeat, each CAM needs to have a unique hostname (or node name). For HA CAM pairs, this
host name will be provided to the peer, and must be resolved via DNS or added to the peer's
/etc/hosts file.
You have a CA-signed certificate for the Service IP of the HA CAM pair. (For testing, you can use
the CA-signed certificate of the HA-Primary CAM, but this requires additional steps to configure
the HA-Primary CAM's IP as the Service IP).
Installing a Clean Access Manager High Availability Pair
Supported Hardware and System
for more information.
Perform the Initial CAM Configuration, page
Cisco NAC Appliance Hardware Installation Guide
3-6).
4-7
Hide quick links:
Advertisement
Table of Contents
