Clarification: I have to add both the peer MACs as well as the virtual MAC to prevent a split-brain situation. Unfortunately, adding the virtual seems to allow all clients to fully bypass the CP page and get straight outside.
Just the peer MACs and an 'allow to IP' CP entry works for redirecting clients to the login page, but each node thinks it's the master of the cluster, and logging in just redirects the user back to the CP page and no one gets out.

On Dec 7, 2007 10:48 AM, RB <[EMAIL PROTECTED]> wrote:
> I feel like I'm missing something, but here goes.
>
> As prior posted, I have an HA cluster routing for a client subnet.
> When I enable the captive portal, I have to add each peer's MAC into
> the pass-thru MAC table; that's fine, as it allows CARP to continue
> working (otherwise we get a split-brain situation). The problem now
> is that the clients can't access the virtual IP for DNS/routing, etc.
> If I add the virtual MAC into the CP-allow table, clients pass
> through without ever seeing the CP, but if it's not there they can't
> even reach DNS. Of course, they can always reach port 8000, but...
>
> Any hope? I know there's got to be something I'm not thinking of, but
> have been poking at this for a day now and am coming up with nothing.
>
>
> RB
