Cisco Cisco NAC Appliance 4.1.0
13-4
Cisco NAC Appliance - Clean Access Server Installation and Administration Guide
OL-12213-01
Chapter 13 Configuring High Availability (HA)
CAS High Availability Requirements
–
This IP has to exist on the CAS management subnet
–
It cannot be the default gateway of the CAS
–
The CAS will send these ping packets out of the eth1 interface
–
Verify whether Set Management VLAN ID is enabled for the eth1 interface. If this option is
not enabled, CAS will send traffic out untagged on the eth1 interface. The switch will determine
whether these packets should be received on its native VLAN. Therefore, on the untrusted
interface, ensure that the native VLAN is being forwarded.
not enabled, CAS will send traffic out untagged on the eth1 interface. The switch will determine
whether these packets should be received on its native VLAN. Therefore, on the untrusted
interface, ensure that the native VLAN is being forwarded.
–
The external IP address will be in the CAS management subnet, but on the untrusted side, the
traffic will be going out from the CAS in the native VLAN; hence ensure the native VLAN is
being forwarded towards the external IP device.
traffic will be going out from the CAS in the native VLAN; hence ensure the native VLAN is
being forwarded towards the external IP device.
Refer to
and
for additional configuration details.
CAS High Availability Requirements
This section describes addition planning considerations when implementing high availability:
Physical Connection
Cisco recommends the use of a dedicated connection for failover heartbeat on Clean Access Server
high-availability pairs. You can use:
high-availability pairs. You can use:
•
A serial null-modem cable, or
•
A dedicated Ethernet NIC card, configured as the eth2 interface of the CAS, or
•
UDP heartbeat over eth0 and a serial null-modem cable.
It is recommended to configure a third NIC card as the eth2 interface of CAS. If your server only has
two network interfaces, you can purchase one of the following NIC cards for this purpose:
two network interfaces, you can purchase one of the following NIC cards for this purpose:
•
PWLA8492MT = Intel PRO/1000 MT Dual Port Server Adapter (copper)
•
PWLA8492MF = Intel PRO/1000 MF (dual SX fiber LC connectors)
Note
For serial cable connection for HA (either HA-CAM or HA-CAS), the serial cable must be a “null
modem” cable. For details, refer to
modem” cable. For details, refer to
.
If a third network interface (e.g. eth2) is available, it can be used for UDP heartbeat instead of eth0. In
this case, the eth2 interfaces on the two machines are connected using a crossover cable. If installing an
additional Ethernet interface, configure the IP address for the interface (see
this case, the eth2 interfaces on the two machines are connected using a crossover cable. If installing an
additional Ethernet interface, configure the IP address for the interface (see
for details).
If a dedicated Ethernet interface (e.g. eth2) is not available on the server machine, eth0 is supported for
the Heartbeat UDP interface, in conjunction with serial heartbeat. See
the Heartbeat UDP interface, in conjunction with serial heartbeat. See
.
Serial heartbeat connection generally requires the server machine to have at least two serial ports: one
port (ttyS0) is used for the serial heartbeat connection and the other is used to access to the server for
configuration tasks. For details, see
port (ttyS0) is used for the serial heartbeat connection and the other is used to access to the server for
configuration tasks. For details, see