Cisco Cisco Clean Access 3.5
14-3
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 14 Configuring High Availability
Upgrading an Existing Failover Pair
•
The machines on which the Clean Access Manager software is installed have a free Ethernet port
(eth1) and at least one free serial port. Use the specification manuals for the server hardware to
identify the serial port (ttyS0 or ttyS1) on each machine.
(eth1) and at least one free serial port. Use the specification manuals for the server hardware to
identify the serial port (ttyS0 or ttyS1) on each machine.
The following procedures require you to reboot the Clean Access Manager. At that time, its services will
be briefly unavailable. You may want to configure an online Manager when downtime has the least
impact on your users.
be briefly unavailable. You may want to configure an online Manager when downtime has the least
impact on your users.
Note
The Clean Access Manager web admin console supports the Internet Explorer 6.0 or above browser only.
Upgrading an Existing Failover Pair
For instructions on how to upgrade an existing failover pair, see
Connect the Clean Access Manager Machines
There are two types of connections between the Clean Access Manager peers: one for exchanging
runtime data relating to the Clean Access Manager activities and one for the heartbeat signal. In High
Availability, the Clean Access Manager always uses the eth1 interface for both data exchange and
heartbeat UDP exchange. When the UDP heartbeat signal fails to be transmitted and received within a
certain time period, the standby system takes over. In order to provide an extra measure of security, it is
optionally recommended to add a serial heartbeat connection between the Clean Access Manager peers.
The serial connection essentially provides an additional method of heartbeat exchange that must fail
before the standby system can take over. Note however that only the eth1 connection between the peers
is mandatory.
runtime data relating to the Clean Access Manager activities and one for the heartbeat signal. In High
Availability, the Clean Access Manager always uses the eth1 interface for both data exchange and
heartbeat UDP exchange. When the UDP heartbeat signal fails to be transmitted and received within a
certain time period, the standby system takes over. In order to provide an extra measure of security, it is
optionally recommended to add a serial heartbeat connection between the Clean Access Manager peers.
The serial connection essentially provides an additional method of heartbeat exchange that must fail
before the standby system can take over. Note however that only the eth1 connection between the peers
is mandatory.
Physically connect the peer Cisco Clean Access Managers as follows:
•
Use crossover cable to connect the eth1 Ethernet ports of the Clean Access Manager machines. This
connection is used for the heartbeat UDP interface and data exchange (database mirroring) between
the failover peers.
connection is used for the heartbeat UDP interface and data exchange (database mirroring) between
the failover peers.
•
If optionally adding a serial connection, use serial cable to connect the serial ports. This connection
is used for the additional optional heartbeat serial exchange (keep-alive) between the failover peers.
is used for the additional optional heartbeat serial exchange (keep-alive) between the failover peers.
Serial Connection
If the computer running the Clean Access Manager software has two serial ports, you can use the
additional port for the serial heartbeat connection. By default, the first serial port detected on the CAM
server is configured for console input/output (to facilitate installation and other types of administrative
access).
additional port for the serial heartbeat connection. By default, the first serial port detected on the CAM
server is configured for console input/output (to facilitate installation and other types of administrative
access).
If the computer has only one serial port (ttyS0), you can reconfigure the port to serve as the
high-availability heartbeat connection. This is because, after the Clean Access Manager is installed, SSH
can be used to access the command line interface of the CAM.
high-availability heartbeat connection. This is because, after the Clean Access Manager is installed, SSH
can be used to access the command line interface of the CAM.
To reconfigure ttyS0 as the heartbeat connection, follow these steps:
1.
From an SSH client, access the Cisco Clean Access Manager as
root
user.
2.
Edit
/etc/lilo.conf
and remove or comment out the last line: