Cisco Cisco NAC Appliance 4.1.0
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
13-20
Cisco NAC Appliance - Clean Access Server Installation and Administration Guide
OL-12213-01
Chapter 13 Configuring High Availability (HA)
Configure DHCP Failover
Configure DHCP Failover
High-availability peer Clean Access Servers (CASes) that operate in DHCP server mode exchange
information regarding their DHCP activities, such as active leases and lease times, by secure SSH
connection (tunnel). If configuring high availability for Clean Access Servers that will operate as DHCP
servers (not in DHCP relay or passthrough mode), you need to configure DHCP failover. Keys for the
server and for the account accessing the server are required for both the HA-Primary and HA-Secondary
Clean Access Servers. As a result, a total of four keys must be exchanged. The interface described below
is provided to facilitate the generation and exchange of the security keys necessary to transfer DHCP
failover information between the primary and secondary Clean Access Servers.
information regarding their DHCP activities, such as active leases and lease times, by secure SSH
connection (tunnel). If configuring high availability for Clean Access Servers that will operate as DHCP
servers (not in DHCP relay or passthrough mode), you need to configure DHCP failover. Keys for the
server and for the account accessing the server are required for both the HA-Primary and HA-Secondary
Clean Access Servers. As a result, a total of four keys must be exchanged. The interface described below
is provided to facilitate the generation and exchange of the security keys necessary to transfer DHCP
failover information between the primary and secondary Clean Access Servers.
Note
After the DHCP server and CAS failover have been configured, both primary and secondary Clean
Access Servers must be failed over in order to create the /var/state/dhcp directory on each server. The
/var/state/dhcp directory must exist on both servers for DHCP failover to function correctly. See
Access Servers must be failed over in order to create the /var/state/dhcp directory on each server. The
/var/state/dhcp directory must exist on both servers for DHCP failover to function correctly. See
and
To Configure DHCP Failover
To start, open the admin console of the primary CAS and the secondary CAS
(
https://<ServerIP>/admin
). You will have two browsers open during this process.
1.
Go to the admin console of the primary CAS and click the DHCP Failover tab.
2.
Click the Enable button to enable DHCP failover on the primary CAS (notice that this button
toggles to Disable afterwards).
toggles to Disable afterwards).
Figure 13-10
Enable DHCP Failover
3.
Copy the value from the SSH Client Key field from the primary CAS.