Filter
Top Products
12-6
Cisco NAC Guest Server Installation and Configuration Guide
OL-15986-01
Chapter 12 Replication and High Availability
Deployment Considerations
Depending on the amount of activity that your Cisco NAC Guest Server performs you need to make sure
that there is enough bandwidth between the server to enable synchronization to occur as rapidly as
possible.
You can test connectivity by creating a large amount of accounts and watching how quickly the
appliances synchronize by watching the status on the replication screen (
Figure 12-3).
Load Balancing
Web Interface
Sponsor and Administration sessions can be services by both Cisco NAC Guest Servers when configured
for replication. The Cisco NAC Guest Server however does not perform any redirection or automatic
load balancing of requests.
To enable requests to both Cisco NAC Guest Servers concurrently, you must implement an external load
balancing mechanism. Options include:
• Network based Load Balancing—such as the Cisco CSS, GSS, CSM or ACE platforms. The only
requirement for the load balancing is that clients are services by the same Cisco NAC Guest Server
for their entire session. Individual requests cannot be load balanced between servers as the Cisco
NAC Guest Server doesn’t replicate sponsor/admin session information to reduce bandwidth
requirements. The most common method of achieving this is sticking connections to the same Cisco
NAC Guest Server based upon source IP address.
• DNS Round robin—Using your DNS server, configure the domain name of the Cisco NAC Guest
Server to return both IP addresses for the Cisco NAC Guest Server in a round-robin configuration.
This method does not provide failover between appliances in the event of a failure.
• Publishing multiple URLs—This allows each user to choose which server they would like to use.
RADIUS Interface
The RADIUS interface on either Cisco NAC Guest Server can take requests at the same time.
Cisco recommends configuring one Cisco NAC Guest Server to be the primary for some RADIUS clients
and the other Cisco NAC Guest Server to be the primary for the other RADIUS clients. For failover the
RADIUS clients can have secondary RADIUS servers defined as the other Cisco NAC Guest Server if
they support configuration of two servers.