CLEANACCESS Archives

November 2010

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: Antonio Soares <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Wed, 17 Nov 2010 21:06:36 -0000

Thank you all for the contributions. The problem was with the Master Secret.
I received the complete procedure off list:

1) verify the problem comparing these files on both CAMs

more /root/.perfigo/secret
more /root/.perfigo/master

2) service perfigo stop in the secondary

3) copy the files from the primary to the secondary

4) service perfigo start in the secondary


Regards,

Antonio Soares, CCIE #18473 (R&S/SP)
[log in to unmask]

-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Speight, Howard
Sent: Wednesday, 17 November 2010 18:04
To: [log in to unmask]
Subject: Re: NAC Manager 4.7.2 Failover Issue

1-4 are right on, pay special attention to number 2 since the appliance was
replaced.

Export the Service IP certificate and private key to chain.pem or whatever
you'd like to call it, import chain.pem into Standby.

The only other area to look at is the Failover config and of course make
sure the crossover cable (if you're using one) is plugged into the correct
NIC. If auto eth1, that would be port 2 on the appliance.

3395 and 3355, four ports, 1 is eth0, 2 is eth1, 3 is eth2, 4 is eth3...

When you reboot the standby do you see a db restore start and complete in
the event log?

-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Rob Chee
Sent: Wednesday, November 17, 2010 12:28 PM
To: [log in to unmask]
Subject: Re: NAC Manager 4.7.2 Failover Issue

Did you create a new license when the new NAC Manager was put into place?

Other common issues
1.  Time not synchronized
2.  Trusted root certificate does not exist on both NAC Managers
3.  Master secret not the same
4.  Wrong MAC address added as the primary (ie The license was added to
the secondary instead of primary NAC manager)


------------------------------------------------------
Rob Chee, CCIE #8188 (R&S and Security)
Senior Network Consultant
Chesapeake NetCraftsmen, LLC.
Company Website:  http://www.netcraftsmen.net
My Blog:  http://www.netcraftsmen.net/resources/blogs/blogger/Rob%20Chee/
Mobile:  571-437-2829
------------------------------------------------------




On 11/17/10 6:52 AM, "Antonio Soares" <[log in to unmask]> wrote:

>Hello group,
>
>I have a situation where the Secondary NAC Manager died and was replaced by
>a new one. Everything seemed to be fine but when the Primary is rebooted,
>the Web interface is in restricted mode. Here we see the Primary as Dead and
>the Secondary as active. After the Primary comes online, the Web interface
>remains restricted. Now the Primary is standby and the Secondary still
>active. Only after the secondary is rebooted, the Web interface shows the
>normal state. When the Primary is active again.
>
>Any hints of what could be the cause of this ? Maybe licensing problems ?
>
>
>Thanks.
>
>Regards,
>
>Antonio Soares, CCIE #18473 (R&S/SP)
>[log in to unmask]
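
Step 1 of the procedure at the top of this thread, written as an added example that is not part of the original messages: it compares the two files by SHA-256 digest, so the secret values themselves are never printed to the terminal or copied between hosts. The function names are hypothetical, and it assumes `sha256sum` is available on both CAMs.

```shell
#!/bin/sh
# Added example, not from the thread. Run perfigo_digests on each CAM, save
# the output to a file, then compare the two listings with compare_digests.
# Assumption: sha256sum exists on the appliance; the default directory is
# the path quoted in the thread.

# Print "<name> <digest>" for each file, or "<name> MISSING" if unreadable.
perfigo_digests() {
    dir=${1:-/root/.perfigo}
    for name in secret master; do
        if [ -r "$dir/$name" ]; then
            printf '%s %s\n' "$name" "$(sha256sum < "$dir/$name" | cut -d' ' -f1)"
        else
            printf '%s MISSING\n' "$name"
        fi
    done
}

# Compare two saved listings (one per CAM).
# Returns 0 if both files match, 1 on a mismatch, 2 if a file is missing.
compare_digests() {
    primary=$1
    secondary=$2
    if grep -q ' MISSING$' "$primary" "$secondary"; then
        echo "missing file on one of the CAMs" >&2
        return 2
    fi
    status=0
    for name in secret master; do
        a=$(awk -v n="$name" '$1 == n {print $2}' "$primary")
        b=$(awk -v n="$name" '$1 == n {print $2}' "$secondary")
        if [ -n "$a" ] && [ "$a" = "$b" ]; then
            echo "$name: match"
        else
            echo "$name: MISMATCH"
            status=1
        fi
    done
    return $status
}
```

A return code of 1 corresponds to the mismatch that steps 2 to 4 of the procedure correct; a return code of 2 means a file could not be read on one side.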
