1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Network Hardware
  5. NAC3350-PROF-K9 - NAC Profiler Server
  6. Installation manual

Modifying Cas High Availability Settings; To Change Ip Settings For An Ha-Cas - Cisco NAC3350-PROF-K9 - NAC Profiler Server Installation Manual

Nac appliance hardware
Hide thumbs
Table of Contents

Advertisement

Installing a Clean Access Server High Availability Pair

Modifying CAS High Availability Settings

The following instructions describe how to change settings for an existing high-availability Clean
Access Server pair. Changing the Service IP, the subnet mask, or the default gateway for a
high-availability pair requires updating the Clean Access Manager and rebooting the Clean Access
Server.
Additionally, if the Service IP address is changed and the SSL certificate for the Clean Access Server is
based on the Service IP, a new certificate must be generated and imported to each Clean Access Server
in the high-availability pair. If the SSL certificate is based on the host name of the Clean Access Server,
generating a new certificate is not necessary. However, make sure to change the IP address for that host
name in your DNS server.
The general sequence of steps is as follows:
1.
2.
3.
4.
5.

To Change IP Settings for an HA-CAS

1.
2.
3.
4.
5.
Do not click the Reboot button at this stage.
Caution
6.
7.
8.
9.
10.
Cisco NAC Appliance Hardware Installation Guide
4-40
Update the Clean Access Server settings in the Clean Access Manager first (but do not reboot).
Update the HA settings in the direct access web console for the primary CAS and reboot the primary
CAS.
While the primary CAS reboots, wait for the secondary CAS to become active in the CAM's List of
Servers.
Repeat steps 1-3 for the secondary CAS and reboot the secondary CAS.
While the secondary CAS reboots, the primary CAS becomes active in the Clean Access Manager
and displays the new settings.
From the CAM web admin console, go to Device Management > CCA Servers.
Click the Manage button for the Clean Access Server.
Click the Network tab.
Change the IP Address, Subnet Mask, or Default Gateway settings for the trusted/untrusted
interfaces as desired.
Click the Update button only.
If the SSL certificate for the CAS was based on the previous IP address, you will need to generate
a new SSL certificate based on the new IP address configured. This can be done under
Administration > SSL > X509 Certificate. See the "Manage CAS SSL Certificates" section of the
Cisco NAC Appliance - Clean Access Server Configuration Guide, Release 4.8(3)
If the SSL certificate was based on the host name of your Clean Access Server, you do not need to
generate a new certificate. However, make sure to change the IP address for that host name in your
DNS server.
Next, open the direct access web admin console for the primary Clean Access Server as follows:
https://<primary_CAS_eth0_IP_address>/admin
The IP form for the primary CAS will reflect the changes you made in the CAM web console under
Device Management > CCA Servers > Manage [CAS_IP] > Network > IP.
In Clean Access Server direct access console, click the Network > Failover> General tab.
Chapter 4
Configuring High Availability (HA)
for details.
OL-20326-01
Show Quick Links

Hide quick links:

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the NAC3350-PROF-K9 - NAC Profiler Server and is the answer not in the manual?

Related Manuals for Cisco NAC3350-PROF-K9 - NAC Profiler Server

Related Products for Cisco NAC3350-PROF-K9 - NAC Profiler Server

This manual is also suitable for:

Nac-3315Nac-3355Nac-3395Nac-3310Nac-3350Nac-3390

Table of Contents