Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAC High Availability doesn't sync

I have 2 CAMs connected to each other as high availabilty. I have configured one as the Master

and the second as the receiver and I use the service IP for the Authorization.and I have followed the

exact steps in the 4.8 configuration guide but the sync failed.what is the problem.

*************** Master Log ***************

Starting policy import/export on Policy Sync Master.

Created dump file for policy: Device Management > Filters > Devices (all Access Types other than ROLE and CHECK)

Created dump file for policy: User Management > User Roles > List of Roles/Schedule

Created dump file for policy: Device Management > Clean Access > Clean Access Agent > Role-Requirements

Created dump file for policy: Device Management > Filters > Devices (Access Type ROLE and CHECK only)

Created dump file for policy: User Management > Traffic Control > IP

Created dump file for policy: User Management > Traffic Control > Host

Created dump file for policy: User Management > Traffic Control > Ethernet

Dump file creation is complete.

Created policy import/export dump file.

No file available for policy sync as large object.

Created  policy import/export header file.

Created policy import/export tar file.

*************** Receiver Log ***************

Starting policy import on Policy Sync Receiver.

Hash value is a match.

Policy Sync Master and Receiver CAM versions match.

The Policy Sync Reciever is not active, Please retry policy sync later.

Failed to store all policies on Policy Sync Receiver.

Receiver failed sync

1 REPLY
Cisco Employee

Re: NAC High Availability doesn't sync

Hi,

You have already asked this question on another thread...so not sure why here again the same question...

Please note that this feature is not meant to be used between 2 CAMs of an HA pair.

As you can see on the config guide:

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_admin.html#wp1050935,

- All CAMs must run release 4.5 or later to enable Policy Sync.

- On CAM HA-pairs, Policy Sync settings are disabled for the Standby CAM.

So, this means you can use this feature only in active CAMs or Standalone CAMs.

In HA pairs, Only the Active CAM will be active for this feature.

HTH,

Tiago

--

If   this helps you and/or answers your question please mark the question  as  "answered" and/or rate it, so other users can easily find it.

154
Views
5
Helpful
1
Replies