CAS redundancy

Jan 13th, 2010
I’m going to implement CAS for two central locations and branches connected via WAN. It will be an L3 OOB deployment: one redundant CAS pair will be located in the first central location and one redundant CAS pair will be located in the second central location.

Is it possible to configure two NAC servers (I mean two redundant pairs) in the NAC agent for users located at branches? E.g. by preparing an appropriate XML configuration file for the NAC agent (how exactly do the two IP addresses have to be written in this file?).

If the first redundant pair of CAS is not available to the NAC agent, how will the second redundant CAS pair be chosen by the agent (automatically or manually by the user)?

Ladislav Nemec

Consulting System Engineer

CCIE No. 8821

Faisal Sehbai Thu, 01/14/2010 - 07:34
I don't think that's the way it will work. The NAC agent doesn't know of your CASs. It only sends out traffic to a host that you define as a discovery host every five seconds and whichever CAS is in the way of that traffic will intercept and process it. The purpose of the discovery host is to generate traffic towards your trusted network, so it could get intercepted by the CAS.

If you want a separate pair to handle your traffic when the first pair goes down, you will have to architect your network in a way that the traffic from the subnets that have the broken CAS flows through the other CAS's network. How? I don't know, and it depends a lot on how your network is laid out!



