Cisco NAC3350-PROF-K9 - NAC Profiler Server Installation Manual page 156

Installing a Clean Access Server High Availability Pair
Untrusted-side Link-detect IP Address (Optional): When an IP address (e.g. for a downstream
•
switch) is optionally entered in this field, the CAS will attempt to ping this address. You can enter
the same or different untrusted-side link-detect addresses on both the HA-Primary and
HA-Secondary CAS.
Note
Link-detect Timeout (seconds) (Optional): This configures the length of time the CAS will
•
attempt to ping the Trusted-side and/or Untrusted-side Link-detect IP address(es). Enter a time of at
least 26 seconds. If the CAS cannot ping the node for the period of time specified, the node is not
pingable.
Note
[Secondary] Local Host Name: This is filled in by default for the HA-Secondary CAS, as
•
configured under Administration > Network Settings > DNS | Host Name ("rjcas_2" in this
example).
• [Secondary] Local Serial No: Filled in by default for the HA-Secondary CAS.
• [Secondary] Local MAC Address (trusted-side interface): Filled in by default; the MAC address
of the eth0 interface for the HA-Secondary CAS.
• [Secondary] Local MAC Address (untrusted-side interface): Filled in by default; the MAC
address of the eth1 interface for the HA-Secondary CAS.
Note • You may want to copy and paste the [Secondary] Local Host Name, [Secondary] Local Serial No.
and [Secondary] Local MAC Address (trusted/untrusted) values into a text file. These values are
needed to configure the HA-Primary CAS.
To enter the HA-Primary CAS information into the form for the HA-Secondary CAS, copy and paste
•
the corresponding fields from the web console of the HA-Primary CAS.
[Primary] Peer Host Name: Type the host name of the HA-Primary CAS ("rjcas_1" in
•
Figure
Name specified in the peer machine DNS tab (under Administration > Network Settings > DNS |
Host Name).
[Primary] Peer Serial No: The serial number of the HA-Primary CAS. When the HA-Secondary
•
CAS becomes Active, it must use the serial number of the HA-Primary CAS to identify itself to the
CAM in order to access the CAS configuration information.
Cisco NAC Appliance Hardware Installation Guide
4-36
If your network topology restricts Link-detect functionality between your CAS HA pair
appliances, you can also use the /etc/ha.d/linkdetect.conf file to enforce Link-detect behavior
on your eth0 and/or eth1 interfaces. See
The standby CAS may still receive heartbeat packets from the active CAS via other available
heartbeat interfaces (serial or eth2, for example) even though its eth0 and/or eth1 interface goes
down. If the standby CAS relies only on heartbeat timers for stateful failover, the standby CAS
would never assume the active role even though the active CAS becomes unable to perform its
primary function. With link-based failover configured, the active and standby CAS exchange
eth0 and eth1 status via the heartbeat interface, so if one of those two interfaces go down, the
standby CAS can still assume the active role even if the heartbeat from the active CAS does not
trigger a failover event.
See Choosing External IPs for Link-Based Failover, page 4-22
4-12). The [Primary] Peer Host Name is case-sensitive and must exactly match the Host
Chapter 4
Link-Detect Interfaces, page 4-45
for additional details.
Configuring High Availability (HA)
for more details.
OL-20326-01