Table of Contents
Advertisement
Chapter 4
Configuring High Availability (HA)
Note
•
Both Clean Access Servers share a virtual Service IP for the eth0 trusted interface and eth1 untrusted
interface. The Service IP should be used for SSL certificates.
Cisco NAC-3310 CAMs/CASs feature a 160GB hard drive or 80GB hard drive. Both of these hard
•
drive sizes support High Availability (HA) deployments, and you can safely deploy a 160GB model
in an HA pair with an 80GB model.
HA CAMs/CASs automatically establish an IPSec tunnel to ensure all communications between the
•
HA Pair appliances remains secure across the network.
Starting from release 4.5(1), when a standby CAS assumes the role of an active CAS that is
•
performing DHCP address management and has gone into Fallback state, the new active CAS also
assumes DHCP functions in addition to user login.
The connection between HA pairs must be extremely reliable, with communication between HA pairs
Caution
unimpeded. The best practice is to use a dedicated Ethernet cable. Breaking communication between HA
pairs will result in two active nodes, which can have serious negative operational consequences. A key
aspect of the link between HA pairs is the ability to restore that link should it go down; restoration may
be fundamental to network stability, depending on your design.
To avoid the HA pairs resulting in two active nodes, Cisco recommends to setup the eth2/eth3 interfaces
Tip
on HA CASs for heartbeat.
Figure 4-9
OL-20326-01
The standby CAS may still receive heartbeat packets from the active CAS via other available
heartbeat interfaces (serial or eth2, for example) even though its eth0 and/or eth1 interface
goes down. If the standby CAS relies only on heartbeat timers for stateful failover, the
standby CAS would never assume the active role even though the active CAS becomes
unable to perform its primary function. With link-based failover configured, the active and
standby CAS exchange eth0 and eth1 status via the heartbeat interface, so if one of those two
interfaces go down, the standby CAS can still assume the active role even if the heartbeat
from the active CAS does not trigger a failover event.
illustrates the basic connections in an example HA-CAS configuration.
Installing a Clean Access Server High Availability Pair
Cisco NAC Appliance Hardware Installation Guide
4-19
Hide quick links:
Advertisement
Table of Contents
