Cisco Cisco NAC Appliance 4.1.0
13-23
Cisco NAC Appliance - Clean Access Server Installation and Administration Guide
OL-12213-01
Chapter 13 Configuring High Availability (HA)
Modifying High Availability Settings
Modifying High Availability Settings
The following instructions describe how to change settings for an existing high-availability Clean
Access Server pair. Changing the Service IP, the subnet mask, or the default gateway for a
high-availability pair requires updating the Clean Access Manager and rebooting the Clean Access
Server.
Access Server pair. Changing the Service IP, the subnet mask, or the default gateway for a
high-availability pair requires updating the Clean Access Manager and rebooting the Clean Access
Server.
Additionally, if the Service IP address is changed and the SSL certificate for the Clean Access Server is
based on the Service IP, a new certificate must be generated and imported to each Clean Access Server
in the high-availability pair. If the SSL certificate is based on the host name of the Clean Access Server,
generating a new certificate is not necessary. However, make sure to change the IP address for that host
name in your DNS server.
based on the Service IP, a new certificate must be generated and imported to each Clean Access Server
in the high-availability pair. If the SSL certificate is based on the host name of the Clean Access Server,
generating a new certificate is not necessary. However, make sure to change the IP address for that host
name in your DNS server.
The general sequence of steps is as follows:
1.
Update the Clean Access Server settings in the Clean Access Manager first (but do not reboot).
2.
Update the HA settings in the direct access web console for the primary CAS and reboot the primary
CAS.
CAS.
3.
While the primary CAS reboots, wait for the secondary CAS to become active in the CAM’s List of
Servers.
Servers.
4.
Repeat steps 1-3 for the secondary CAS and reboot the secondary CAS.
5.
While the secondary CAS reboots, the primary CAS becomes active in the Clean Access Manager
and displays the new settings.
and displays the new settings.
To Change IP Settings for an HA-CAS
1.
From the CAM web admin console, go to Device Management > CCA Servers
2.
Click the Manage button for the Clean Access Server.
3.
Click the Network tab.
4.
Change the IP Address, Subnet Mask, or Default Gateway settings for the trusted/untrusted
interfaces as desired.
interfaces as desired.
5.
Click the Update button only.
Caution
Do not click the Reboot button at this stage.
6.
If the SSL certificate for the CAS was based on the previous IP address, you will need to generate
a new SSL certificate based on the new IP address configured. This can be done under Device
Management > CCA Servers > Manage [CAS_IP] > Network > Certs. See
a new SSL certificate based on the new IP address configured. This can be done under Device
Management > CCA Servers > Manage [CAS_IP] > Network > Certs. See
for details.
7.
If the SSL certificate was based on the host name of your Clean Access Server, you do not need to
generate a new certificate. However, make sure to change the IP address for that host name in your
DNS server.
generate a new certificate. However, make sure to change the IP address for that host name in your
DNS server.
8.
Next, open the direct access web admin console for the primary Clean Access Server as follows:
https://<Primary_CAS_eth0_IPaddress>/admin
9.
The IP form for the primary CAS will reflect the changes you made in the CAM web console under
Device Management > CCA Servers > Manage [CAS_IP] > Network > IP.
Device Management > CCA Servers > Manage [CAS_IP] > Network > IP.
10.
In Clean Access Server direct access console, click the Network > Failover tab.