Table of Contents
Advertisement
Installing a Clean Access Manager High Availability Pair
(Recommended) Specify parameters to enable failover based on eth0 link failure detection for the
Step 8
HA-Secondary CAM:
a.
Enter IP addresses for the interfaces the HA pair uses to failover from the primary to the secondary
CAM in the Link-detect IP Address for eth0 field.
b.
Specify the duration (in seconds) the CAM continues to ping the Link-detect IP address before
determining that the eth0 interface may have gone down, thus initiating a failover to the secondary
CAM, in the Link-detect Timeout field. The minimum value for this setting is 10 seconds, but
Cisco recommends at least a 25-second timeout interval.
Note
Set the [Primary] Peer Host Name value to the HA-Primary CAM's host name.
Step 9
Step 10
If you are using the default setting for the mandatory eth1 UDP heartbeat interface, leave the Auto eth1
Setup checkbox enabled (checked). If you want to specify a different [Primary] Heartbeat eth1
Address, uncheck the Auto eth1 Setup checkbox and enter the new IP address in the (peer IP on
heartbeat udp interface on eth1) field.
Note
To specify redundant failover links as described in
Warning
Ethernet interfaces on the CAM before you try to set up HA. If you attempt to configure these
interfaces, however, and the NICs on which the Ethernet interfaces reside are not configured
correctly, the CAM will enter maintenance mode (will not boot properly) when you reboot.
(Optional) If you enabled the HA-Primary CAM's Heartbeat UDP Interface 2 function that sets up a
Step 11
redundant failover heartbeat via the CAM eth0 interface on the HA-Primary CAM, enable the eth0
checkbox and specify the same peer IP address in the [Primary] Heartbeat IP Address on eth0 field
as on the HA-Primary CAM.
(Optional) If you enabled the HA-Primary CAM's Heartbeat UDP Interface 3 function on the
Step 12
HA-Primary CAM, select eth2 or eth3 from the dropdown menu and the same associated peer IP address
in the [Primary] Heartbeat IP Address on interface 3 field as on the HA-Primary CAM.
Cisco strongly recommends you do not use the serial interface on the NAC-3315/3355/3395 for the HA
Note
heartbeat function. Although this element still appears in the CAM web console, the Heartbeat Serial
Interface feature is being deprecated in a future Cisco NAC Appliance release. (The associated
Heartbeat Timeout value remains a valid configuration point, however, for deployments using optional
Heartbeat UDP interfaces 2 and 3.)
Specify the Heartbeat Timeout value for the HA secondary CAM to set the duration the CAM should
Step 13
wait before declaring that it has lost communication with its HA peer, thus assuming the role of the active
CAM in the HA pair. The default Heartbeat Timeout value is 30 seconds.
Cisco NAC Appliance Hardware Installation Guide
4-14
Link-detect settings on the CAM (Release 4.1(3) and later) are needed to allow the active
CAM to failover to the standby CAM in case of a switch port failure or a link failure on the
switch port connected to eth0 of the active CAM. In the event a failover must take place, the
Link detect setting allows the standby CAM to ensure that the secondary CAM eth0 interface
is up and able to take on the active role.
The Auto eth1 Setup option automatically assigns 192.168.0.254 as the primary CAM's eth1
(heartbeat) interface and assumes the IP address for the peer (secondary) eth1 interface is
192.168.0.253.
Chapter 4
Configuring High Availability (HA)
Step
12, you must first configure the appropriate
OL-20326-01
Hide quick links:
Advertisement
Table of Contents
