- Bronze, 100 points or more
I am currently in the process of putting together an LLD for quite a large campus L2 OOB Virtual Gateway NAC deployment.
I wanted to check something simple at this early stage which is not clear from the docs I have read so far. Can you only have a single CAM HA pair manage all the CAS's in a deployment? Or can you have more than 1 CAM HA pair control all the SNMP communication to flip the VLAN's on the user switches?
I ask this for a good reason.
Cisco officially recommends that CAM HA pairs are not geographically seperated. I have a situation where I have 2 DC's where I can place CAM devices as well as at the campus site where the users are.
The choice of placement could involve having the HA pair split between the 2 DC's with a layer 2 network in between for HA comms. (Not Cisco recommended)
If I stick to CAM HA guidelines I could do the following;
Put the CAM HA pair in the user campus location in different main equipment rooms.
Put a CAM HA pair in a single DC. (Therefore the CAM HA pair could not survive a DC site failure)
Put CAM HA pairs in both DCs (Which is why I asked my initial question above having more than 1 CAM HA pair in a deployment)
Obviously I am not familar with NAC deployments however I have read up on the topic over the last month and would appreciate some assistance from any of you that do this kind of thing day in day out.