4-6
Cisco NAC Appliance Hardware Installation Guide
OL-20326-01
Chapter 4 Configuring High Availability (HA)
Installing a Clean Access Manager High Availability Pair
Figure 4-4 illustrates a sample configuration.
Figure 4-4 Clean Access Manager Example High-Availability Configuration
The Clean Access Manager high-availability mode is an Active/Passive two-server configuration in
which a standby Clean Access Manager machine acts as a backup to an active Clean Access Manager
machine. While the active CAM carries most of the workload under normal conditions, the standby
monitors the active CAM and keeps its data store synchronized with the active CAM’s data.
If a failover event occurs, such as the active CAM shutting down or no longer responding to the peer’s
“heartbeat” signal, the standby assumes the role of the active CAM.
When first configuring the HA peers, you must specify an HA-Primary CAM and HA-Secondary CAM.
Initially, the HA-Primary is the active CAM, and the HA-Secondary is the standby (passive) CAM, but
the active/passive roles are not permanently assigned. If the primary CAM goes down, the secondary
(standby) becomes the active CAM. When the original primary CAM restarts, it assumes the backup role.
Note: If both the HA-Primary and HA-Secondary CAMs in your HA deployment lose their configuration, you
can restore the system using the guidelines in the “Restoring Configuration from CAM
Snapshot—HA-CAM or HA-CAS” section of the Cisco NAC Appliance - Clean Access Manager
Configuration Guide, Release 4.8(3).
When the Clean Access Manager starts up, it checks to see if its peer is active. If not, the starting CAM
assumes the active role. If the peer is active, on the other hand, the starting CAM becomes the standby.
You can configure two Clean Access Managers as an HA pair at the same time, or you can add a new
Clean Access Manager to an existing standalone CAM to create a high-availability pair. In order for the
pair to appear to the network as one entity, you must specify a Service IP Address to be used as the
trusted interface (eth0) address for the HA pair. This Service IP address is also used to generate the SSL
certificate.
To create the Heartbeat UDP Interface link over which HA information is exchanged, you connect the
eth1 ports of both CAMs and specify a private network address not currently routed in your organization
(the default Heartbeat UDP interface IP address is 192.168.0.252). The Clean Access Manager then
creates a private, secure two-node network for the eth1 ports of each CAM to exchange UDP heartbeat
traffic and synchronize databases.
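A pre-deployment check for the heartbeat network requirement above, as an added example that is not part of the Cisco guide: it verifies that a proposed eth1 network is RFC 1918 space, is not already routed in the organization, and does not contain the Service IP. The /24 mask, the routed-prefix list and the function name are assumptions; the addresses are taken from the sample configuration, with 10.201.2.102 assumed to be the Service IP.

```python
import ipaddress

RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_heartbeat_network(heartbeat_cidr, service_ip, routed_prefixes):
    """Return a list of problems with a proposed eth1 heartbeat network.

    An empty list means the network is private, is not already routed,
    and is separate from the eth0 Service IP. IPv4 only (assumption).
    """
    problems = []
    hb = ipaddress.IPv4Network(heartbeat_cidr, strict=False)
    svc = ipaddress.IPv4Address(service_ip)

    # The heartbeat link must use private address space.
    if not any(hb.subnet_of(r) for r in RFC1918):
        problems.append(f"{hb} is not RFC 1918 private space")

    # The Service IP belongs to the trusted (eth0) side, not the eth1 link.
    if svc in hb:
        problems.append(f"Service IP {svc} is inside heartbeat network {hb}")

    # The heartbeat network must not collide with anything already routed.
    for prefix in routed_prefixes:
        net = ipaddress.ip_network(prefix, strict=False)
        if net.version == 4 and net.overlaps(hb):
            problems.append(f"{hb} overlaps routed prefix {net}")

    return problems

if __name__ == "__main__":
    # Constructed sample data: prefixes assumed to be routed internally.
    routed = ["10.201.0.0/16", "172.16.0.0/12"]
    # Default heartbeat address from the guide, /24 mask assumed.
    for candidate in ("192.168.0.252/24", "10.201.2.0/24"):
        issues = check_heartbeat_network(candidate, "10.201.2.102", routed)
        print(candidate, "->", issues or "OK")
```
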
[Figure 4-4 diagram. Labels: Primary CAM rjcam_1; Secondary CAM rjcam_2; eth0 on the trusted network, with Service IP Address and addresses 10.201.2.102, 10.201.2.100, 10.201.2.101; eth1 link carrying UDP heartbeat and DB sync, with addresses 192.168.0.254, 192.168.0.253; Heartbeat UDP Interface 192.168.0.252 (specify network portion of address in web console); (Optional) Heartbeat UDP Interface 2 or 3.]