CAS High Availability Requirements - Cisco NAC3350-PROF-K9 - NAC Profiler Server Installation Manual

Cisco NAC Appliance Hardware Installation Guide (OL-20326-01), page 4-22
Chapter 4: Configuring High Availability (HA)
Installing a Clean Access Server High Availability Pair

Choosing External IPs for Link-Based Failover

Keep in mind that when the CAS initiates traffic, it will always send packets out of its untrusted (eth1) interface except for packets destined to its default gateway. Therefore, when choosing an external IP on the trusted network for the CAS to ping via the eth0 interface, choose any IP belonging to a subnet other than the CAS subnet.

The external IP addresses should be different for the trusted and untrusted interfaces.

When choosing an external IP on the untrusted network for the CAS to ping via the eth1 interface:
- This IP has to exist on the CAS management subnet.
- It cannot be the default gateway of the CAS.
- The CAS will send these ping packets out of the eth1 interface.
- Verify whether Set Management VLAN ID is enabled for the eth1 interface. If this option is not enabled, the CAS will send traffic out untagged on the eth1 interface. The switch will determine whether these packets should be received on its native VLAN. Therefore, on the untrusted interface, ensure that the native VLAN is being forwarded.
- The external IP address will be in the CAS management subnet, but on the untrusted side, the traffic will be going out from the CAS in the native VLAN; hence ensure the native VLAN is being forwarded towards the external IP device.

Refer to c. Configure HA-Primary Mode and Update, page 4-28 and c. Configure HA-Secondary Mode and Update, page 4-34 for additional configuration details.

CAS High Availability Requirements

This section describes additional planning considerations when implementing high availability.

Note: In a CAS HA deployment using NAT on the trusted (eth0) side, you must ensure that the -Dperfigo.nat.serviceip=<NAT'ed service IP or CAS service hostname> property is set for the starttomcat and restartweb files on both the Primary and Secondary CAS. For example,
-Dperfigo.nat.serviceip=172.10.20.100

Physical Connection

Cisco recommends using a dedicated connection for failover heartbeat on Clean Access Server high-availability pairs. You can use:
- A dedicated Ethernet NIC card, configured as the eth2 or eth3 interface of the CAS

Note: If a dedicated Ethernet interface (e.g. eth2 or eth3) is not available on the server machine, eth0 and eth1 are supported for the Heartbeat UDP interface. (This function does not apply, however, if you have deployed your CASs in Virtual Gateway mode and the eth0 and eth1 interfaces have the same IP address.) See Selecting and Configuring the Heartbeat UDP Interface, page 4-25.
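The rules on this page for choosing external IPs for link-based failover can be checked before the addresses are entered on the HA pair. The following Python check is an added example, not part of the Cisco manual; the function name, rule labels and sample addresses (RFC 5737 documentation ranges) are constructed, and it assumes the "CAS subnet" and the "CAS management subnet" are the same network.

```python
import ipaddress


def check_failover_ping_targets(cas_mgmt, default_gw, trusted_ip, untrusted_ip):
    """Check link-based failover ping targets against the manual's rules.

    cas_mgmt     -- CAS management address with prefix, e.g. "192.0.2.10/24"
    default_gw   -- default gateway of the CAS
    trusted_ip   -- external IP the CAS pings via eth0 (trusted side)
    untrusted_ip -- external IP the CAS pings via eth1 (untrusted side)
    Returns a list of (rule, detail) tuples; an empty list means no violation.
    """
    iface = ipaddress.ip_interface(cas_mgmt)
    subnet = iface.network  # assumption: CAS subnet == CAS management subnet
    gw = ipaddress.ip_address(default_gw)
    trusted = ipaddress.ip_address(trusted_ip)
    untrusted = ipaddress.ip_address(untrusted_ip)
    problems = []

    # Trusted side: choose an IP in a subnet other than the CAS subnet.
    # Manual's reason: CAS-initiated traffic leaves via eth1 except for
    # packets destined to the default gateway.
    if trusted in subnet:
        problems.append(("trusted-in-cas-subnet", f"{trusted} is inside {subnet}"))

    # Untrusted side: the IP has to exist on the CAS management subnet ...
    if untrusted not in subnet:
        problems.append(("untrusted-off-mgmt-subnet", f"{untrusted} is not in {subnet}"))
    # ... and cannot be the default gateway of the CAS.
    if untrusted == gw:
        problems.append(("untrusted-is-gateway", f"{untrusted} is the default gateway"))

    # The two external IPs should differ between trusted and untrusted sides.
    if trusted == untrusted:
        problems.append(("same-target", f"both sides use {trusted}"))

    # Added sanity check (not from the manual): pinging the CAS's own
    # address says nothing about link health.
    for side, ip in (("trusted", trusted), ("untrusted", untrusted)):
        if ip == iface.ip:
            problems.append(("target-is-cas", f"{side} target is the CAS itself"))
    return problems


if __name__ == "__main__":
    # Constructed sample values; replace with the addresses planned for the pair.
    for rule, detail in check_failover_ping_targets(
            "192.0.2.10/24", "192.0.2.1", "192.0.2.30", "192.0.2.1"):
        print(f"{rule}: {detail}")
```

Run the same check with the values planned for both the Primary and the Secondary CAS, since each node is configured separately.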


This manual is also suitable for:

Nac-3315, Nac-3355, Nac-3395, Nac-3310, Nac-3350, Nac-3390