Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Best UAC Cluster design

pirata_
New Contributor
‎03-06-2012 06:50:AM
‎03-06-2012 06:50:AM

Best UAC Cluster design

Hi All

I would to know best possible cluster options available for 2 member cluster (IC4500) in different subnets. My understanding I can not even do this in an Active/Passive setup. My setup is:

2x IC4500 (10.1.10.10 and another 10.2.10.10) High speed microwave connection (100Mbs)

- device connected to the internal ports (ext ports not used at all)

A bunch of Cisco 2960 switches for 802.1x auth

No load-balancer (trying to get one)

Using OAC ( could have used pulse, but not sure about role-baled resources when I purchase a SRX FW next month)

I have created OAC and it's working fine, so is the policy defined. But I want redundancy in case one fails, now I use VLANs at the moment put users in the correct group and I have a guest VLAN.

Problem:

I wanted to setup a cluster where I can use a VIP so switches can the failover is automatic, but I cannot assign an IP address to the VIP in UAC 4.1R7 (maybe because I am on seperate subnets).

What would be the best setup for my scenario, other recommendation I suppose might be to put both IP devices on the switches, so the switches checks if any of the devices is alive, not sure if this is ideal

0 Kudos
4 REPLIES 4
Raveen_
Regular Contributor
‎03-06-2012 06:47:PM
‎03-06-2012 06:47:PM

Re: Best UAC Cluster design

Hi Pirata,

To run a two-unit cluster in active/passive mode, the IC Series devices must reside on the same subnet.

IC devices on different subnet is not a supported scenario, and this is documented in IC admin guide.

Please refer: Chapter 19 of admin guide(page no:575)

Regards,
Raveen

Note: You could mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks!!

0 Kudos
Winston_
Occasional Contributor
‎03-07-2012 04:12:AM
‎03-07-2012 04:12:AM

Re: Best UAC Cluster design

hi,

With regard to clustering, it is recommended to deploy both the devices in the same locaiton (LAN) and not over WAN. In this case you can configure as Active/ Passive in the same subnet and use the VIP for failover.

If you are deploying the devices across the WAN with different subnet, then the easy option available for failover is asl follows;

Configure all the switches in the respective locaiton with two radius server; The first radius server should be the one closest to the switch.

Note: Recommended to deploy in the same location if possible...

regards

Winston

0 Kudos
pirata_
New Contributor
‎03-07-2012 11:55:PM
‎03-07-2012 11:55:PM

Re: Best UAC Cluster design

Hi Raveen

My apologies, I figured that was not possible so reconsider my setup using active/active setup which what I have running at the moment.

Thanks Winston

To both of you:

I am using active/active across the 2 subnets. I will be using OAC on the clients, Would you then recommend to put 2 Infranet Controllers in the OAC configuration or rather just put the 2 Radius servers on every switch in my environment?

many thanks.

Pirata

0 Kudos
Winston_
Occasional Contributor
‎03-08-2012 08:29:AM
‎03-08-2012 08:29:AM

Re: Best UAC Cluster design

If you want to have enforcement at Layer-2 then adding two infranet controller does not add any value to the configuraiton. You have to enable two radius server in the switch.

Adding two radius server as a infranet controller enforce at Layer3 not at Layer2 becuase it requires an IP Address to have access to the Infranet Controller;

Hope this clarifies your question;

Let me know for any clarifications.

regards

Winston

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.