Serial Port High-Availability Connection; Configure High Availability - Cisco NAC3350-PROF-K9 - NAC Profiler Server Installation Manual

Installing a Clean Access Server High Availability Pair
If using eth0 as the UDP heartbeat interface, make sure that the management interfaces on the CAS are
Note
in their own VLAN, not on a VLAN with other user traffic. This is a general best practice that allows
you to segment and protect management traffic when running the failover heartbeat over the same
physical interface.

Serial Port High-Availability Connection

By default, the first serial connector detected on the server is configured for console input/output (to
facilitate installation and other types of administrative access).
When connecting high availability (failover) pairs via serial cable, BIOS redirection to the serial port
Warning
must be disabled for Cisco NAC Appliance CAMs/CASs and any other server hardware platform that
supports the BIOS redirection to serial port functionality. See
Requirements for Cisco NAC Appliance (Cisco Clean Access)
To help prevent a potential network security threat, Cisco strongly recommends physically disconnecting
Caution
from the Cisco NAC console management port when you are not using it. For more details, see
http://seclists.org/fulldisclosure/2011/Apr/55, which applies to the Cisco ISE, Cisco NAC Appliance,
and Cisco Secure ACS hardware platforms.
When high-availability mode is selected, the serial console login (ttyS0) is automatically disabled to free
the serial port for HA mode. To re-enable ttyS0 as the console login, deselect the Disable Serial Login
checkbox on the Failover > General tab after clicking Update and before clicking Reboot. For details,
see steps
and Update, page

Configure High Availability

Note Cisco NAC network modules installed in Cisco Integrated Services Routers (ISRs) do not support high
availability.
The following sections describe how to set up high availability in four general procedures:
•
•
•
•
"Primary/Secondary" denotes the server mode when it is configured for HA.
Note
"Active/Standby" denotes the runtime status of the server.
Cisco NAC Appliance Hardware Installation Guide
4-26
c. Configure HA-Primary Mode and Update, page 4-28
4-34.
Step 1: Configure the HA-Primary Clean Access Server, page 4-27
Step 2: Configure the HA-Secondary Clean Access Server, page 4-34
Step 3: Connect the Clean Access Servers and Complete the Configuration, page 4-38
Step 4: Failing Over an HA-CAS Pair, page 4-39
Chapter 4 Configuring High Availability (HA)
Supported Hardware and System
for more information.
and c. Configure HA-Secondary Mode
OL-20326-01