Configuring High Availability

Genians can be set up using two Appliances in an active/standby configuration, one acting as the primary and the other as the secondary. The two Appliances communicate with each other to synchronize data and fail over from one to the other in the event of a system failure.

  • Group – VRRP Group ID
  • Linkupdelay – Time to wait until the interface is activated
  • No-Virtual-Mac – Does not convert the MAC address to the Virtual MAC when switching to Master
  • Nopreempt – The device currently acting as Master keeps precedence regardless of priority
  • Priority – Priority value; the highest value becomes Master
  • Timeout – Wait time before VRRP packet loss is treated as a peer failure
  • Virtual-IP – Shared IP for the devices and the UI

Serial Connection to Server if SSH is not established

  • Protocol: Serial
  • Port: COM1
  • Baud Rate: 115200 (9600 for Mini-PC)
  • Data Bits: 8
  • Parity: None
  • Stop Bits: 1

How to configure Servers for High Availability

  1. Connect to each Server's Command Line Interface.
  2. Run show configuration to see the current configuration. (Record the Master Server's device-id, as it must be the same on both Policy Servers.)
  3. Enter Global Config mode: config terminal
  4. On each Server, enter the following configuration:

Master Policy Server

1. Interactive Wizard
2. Manual Configuration

Select installation type: 2

Enter administrator username (4-31 characters) [admin]: admin

# Password must contain at least one alphabet, number and special character
Enter administrator password (minimum 9 characters): *********
Re-enter Password:

Welcome to Genian NAC
Username: admin
Password:
The privileged EXEC mode password is the same as the console login password.
For security reasons please change your password.

Type ‘enable’ to access privileged EXEC mode for password change.
genian> en
Password:

genian(config)# hostname MASTER
MASTER(config)# interface eth0 address [IP address] [Subnetmask]
MASTER(config)# interface eth0 gateway [Gateway]
MASTER(config)# ip default-gateway [Gateway]
MASTER(config)# ip name-server [DNS]
MASTER(config)# data-server username [username]
MASTER(config)# data-server enable
MASTER(config)# data-server password [password]
MASTER(config)# data-server access-list [Admin IP]
MASTER(config)# data-server replica serverid 1
MASTER(config)# data-server replica enable
MASTER(config)# log-server cluster-name [cluster-name]
MASTER(config)# log-server enable
MASTER(config)# log-server cluster-peers [Policy Server IP]
MASTER(config)# interface eth0 management-server enable
MASTER(config)# interface eth0 node-server enable
MASTER(config)# interface eth0 ha priority 200
MASTER(config)# interface eth0 ha group 20
MASTER(config)# interface eth0 ha linkupdelay 30
MASTER(config)# interface eth0 ha nopreempt enable
MASTER(config)# interface eth0 ha timeout 20
MASTER(config)# interface eth0 ha virtual-ip [Virtual IP]

MASTER(config)# show configuration
cli-pass change interval 0D
cli-pass history num 0
cli-pass minimum age 0D

data-server enable
data-server password ******
data-server replica enable
data-server replica serverid 1
data-server username root

device-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (*Use same device-id for both Policy Servers*)

hostname MASTER

interface eth0 address [IP address] [Subnetmask]
interface eth0 gateway [Gateway]
interface eth0 ha group 20
interface eth0 ha linkupdelay 30
interface eth0 ha nopreempt enable
interface eth0 ha priority 200
interface eth0 ha timeout 20
interface eth0 ha virtual-ip [Virtual IP]
interface eth0 management-server enable
interface eth0 node-server enable

ip default-gateway 172.29.20.1
ip name-server 8.8.8.8

log-server enable
log-server cluster-name GENIAN
log-server cluster-peers 172.29.20.12

Slave Policy Server

1. Interactive Wizard
2. Manual Configuration

Select installation type: 2

Enter administrator username (4-31 characters) [admin]: [Admin ID]
# Password must contain at least one alphabet, number and special character
Enter administrator password (minimum 9 characters):
Re-enter Password:

Welcome to Genian NAC
Username: [Admin ID]
Password:
The privileged EXEC mode password is the same as the console login password.
For security reasons please change your password.

Type ‘enable’ to access privileged EXEC mode for password change.
genian> en
Password:

genian(config)# hostname SLAVE
genian(config)# device-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (From Master server)
SLAVE(config)# interface eth0 address [IP address] [Subnetmask]
SLAVE(config)# interface eth0 gateway [Gateway]
SLAVE(config)# ip default-gateway [Gateway]
SLAVE(config)# ip name-server [DNS]
SLAVE(config)# data-server username [username]
SLAVE(config)# data-server enable
SLAVE(config)# data-server password [password]
SLAVE(config)# data-server access-list [Admin IP]
SLAVE(config)# data-server replica serverid 2
SLAVE(config)# data-server replica enable
SLAVE(config)# data-server replica masterhost [Master DB IP]
SLAVE(config)# data-server replica username [username]
SLAVE(config)# data-server replica password [password]
SLAVE(config)# log-server cluster-name [Cluster name]
SLAVE(config)# log-server enable
SLAVE(config)# log-server cluster-peers [Policy Server IP]
SLAVE(config)# interface eth0 management-server enable
SLAVE(config)# interface eth0 node-server enable
SLAVE(config)# interface eth0 ha priority 100
SLAVE(config)# interface eth0 ha group 20
SLAVE(config)# interface eth0 ha linkupdelay 30
SLAVE(config)# interface eth0 ha nopreempt enable
SLAVE(config)# interface eth0 ha timeout 20
SLAVE(config)# interface eth0 ha virtual-ip [Virtual IP]

SLAVE(config)# show configuration
cli-pass change interval 0D
cli-pass history num 0
cli-pass minimum age 0D

data-server enable
data-server access-list [Admin IP]
data-server password ******
data-server replica enable
data-server replica masterhost [Master DB IP]
data-server replica password ******
data-server replica serverid 2
data-server replica username [username]
data-server username [username]

device-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

hostname SLAVE

interface eth0 address [IP address] [Subnetmask]
interface eth0 gateway [Gateway]
interface eth0 ha group 20
interface eth0 ha linkupdelay 30
interface eth0 ha nopreempt enable
interface eth0 ha priority 100
interface eth0 ha timeout 20
interface eth0 ha virtual-ip [Virtual IP]
interface eth0 management-server enable
interface eth0 node-server enable

ip default-gateway [Gateway]

log-server enable
log-server cluster-name [Cluster name]
log-server cluster-peers [Policy Server IP]
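As an added check (example code, not part of the Genians documentation or product), the script below parses the show configuration output of both Policy Servers and flags the mismatches that would break VRRP failover or DB replication: a differing device-id, differing HA group, virtual-ip, timeout or linkupdelay, equal priorities, a duplicated replica serverid, or a Slave masterhost that does not point at the Master's eth0 address. The two sample configurations are constructed; the key names follow the CLI lines above.

```python
import re

# Constructed sample `show configuration` output, trimmed to the HA-relevant lines
MASTER_CFG = """device-id 11111111-2222-3333-4444-555555555555
interface eth0 address 172.29.20.11 255.255.255.0
interface eth0 ha group 20
interface eth0 ha priority 200
interface eth0 ha virtual-ip 172.29.20.10
data-server replica serverid 1"""

SLAVE_CFG = """device-id 11111111-2222-3333-4444-555555555555
interface eth0 address 172.29.20.12 255.255.255.0
interface eth0 ha group 20
interface eth0 ha priority 100
interface eth0 ha virtual-ip 172.29.20.10
data-server replica serverid 2
data-server replica masterhost 172.29.20.11"""

def parse_config(text):
    """Index a config dump: per-interface option -> value, and global key -> last token."""
    cfg, ifaces = {}, {}
    for line in text.splitlines():
        m = re.match(r"interface (\S+) (?:ha )?(\S+) (\S+)", line.strip())
        if m:  # "interface eth0 ha group 20" -> ifaces["eth0"]["group"] = "20"
            ifaces.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
        elif " " in line.strip():  # "data-server replica serverid 1" -> key, value
            key, val = line.strip().rsplit(None, 1)
            cfg[key] = val
    return cfg, ifaces

def check_ha_pair(master_text, slave_text):
    """Return a list of problems; an empty list means the pair is consistent."""
    m, mif = parse_config(master_text)
    s, sif = parse_config(slave_text)
    problems = []
    if m.get("device-id") != s.get("device-id"):
        problems.append("device-id differs; both Policy Servers must share it")
    for iface in sorted(set(mif) | set(sif)):
        a, b = mif.get(iface, {}), sif.get(iface, {})
        for opt in ("group", "virtual-ip", "timeout", "linkupdelay"):
            if a.get(opt) != b.get(opt):
                problems.append(f"{iface}: ha {opt} differs ({a.get(opt)} vs {b.get(opt)})")
        if a.get("priority") and a.get("priority") == b.get("priority"):
            problems.append(f"{iface}: ha priority equal; the higher value must be the Master")
    if m.get("data-server replica serverid") == s.get("data-server replica serverid"):
        problems.append("data-server replica serverid must be unique (1 Master, 2 Slave)")
    if s.get("data-server replica masterhost") != mif.get("eth0", {}).get("address"):
        problems.append("Slave replica masterhost does not point at the Master eth0 address")
    return problems
```

Paste the real show configuration output of each server into the two strings and run check_ha_pair; the same parser also handles the per-VLAN sensor interfaces (eth0.10, eth0.11, ...) shown further below.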

Master Sensor

device-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

interface eth0.10 address [IP address] [Subnetmask]
interface eth0.10 gateway [Gateway]
interface eth0.10 ha group 100
interface eth0.10 ha priority 200
interface eth0.11 address [IP address] [Subnetmask]
interface eth0.11 gateway [Gateway]
interface eth0.11 ha group 110
interface eth0.12 address [IP address] [Subnetmask]
interface eth0.12 gateway [Gateway]
interface eth0.12 ha group 120
interface eth0 vlan 10,11,12
ip default-gateway [Gateway]
ip name-server [DNS]

node-server ip [Policy Server IP]

SLAVE Sensor

device-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

interface eth0.10 address [IP address] [Subnetmask]
interface eth0.10 gateway [Gateway]
interface eth0.10 ha group 100
interface eth0.10 ha priority 100
interface eth0.11 address [IP address] [Subnetmask]
interface eth0.11 gateway [Gateway]
interface eth0.11 ha group 110
interface eth0.12 address [IP address] [Subnetmask]
interface eth0.12 gateway [Gateway]
interface eth0.12 ha group 120
interface eth0 vlan 10,11,12
ip default-gateway [Gateway]
ip name-server [DNS]

node-server ip [Policy Server IP]

How to test DB replication

Create a superadmin account on the Master, then confirm that it has been replicated to the Slave:

MASTER
MASTER(config)# superadmin [Admin ID] [password] [email address]
MASTER# show superadmin
[Admin ID]

SLAVE
SLAVE# show superadmin
[Admin ID]