cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
407
Views
0
Helpful
5
Replies

NAC High Availability: Users getting disconnected during failover

Daniela Herrera
Level 1
Level 1

Hi,

We have a pair of CAS in in-band virtual-gateway mode in high availability mode.

We are still running some tests but we have noticed that the clients are losing connectivity during the failover.

* The service ip is always active (never stops responding pings).

* The stand-by CAS becomes active immediatly after we shut down the primary, we see it on the CAM.

* The client however looses connectivity with the internal network for almost two minutes.

I'm guessing this isn't normal, but would like to know what is the expected behaviour on this.

Thanks and regards,

5 Replies 5

Daniela Herrera
Level 1
Level 1

Any ideas??

We noticed this only happens when failing over from the CAS configured as secondary to the primary CAS. The client still appears as certified but has no longer access to the network for around 2 minutes.

When we failover from the primary to the secondary CAS the client stays connected without losing connectivity.

Is this an expected behaviour???

Regards,

could be a spanning tree issue perhaps. is portfast enabled where the CAS's connect?

Thanks!

It's not enabled since our ports are in mode trunk. What's the recommendation to have it enabled or disabled?

Thanks!

We configured another pair today and we are noticing the same behaviour, however it seems random... sometimes the user barely looses connection, other times it will take from 2-5 minutes for it to come back.

We are only using eth2 for the failover link since we only have one serial port.

When we test we make sure both servers are up and then we reboot the primary. The secondary becomes active immediately. When both are up again we repeat the process.

any other ideas? something we should check?

Thanks!

Hi!

any other ideas on this will be greatly appreciated.

It seems a problem only with the communication between the user and the CAS, since the failover is detected immediatly by the CAM and the CAS service (virtual) ip address is always reachable.

thanks!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: