[cisco-nas] radius 12.3 config - Reorder on Failure

Anastassios Chatzithomaoglou achatz at forthnet.gr
Mon Jun 23 20:58:22 EDT 2003


After reading
http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps5187/products_feature_guide09186a008017d10c.html
although I didn't understand quite easily and fully the "Reorder on Failure" concept, I
decided to try that using the following config on a 5350 (12.3(1)):

!-----------------------------
aaa group server radius RADIUS-SERVERS
  server 1
  server 2
  deadtime 5
!
radius-server retry method reorder
radius-server transaction max-tries 3
radius-server retransmit 3
radius-server timeout 15
!-----------------------------

I would like your help on the following scenario:

Let's suppose that both radius work fine, so radius 1 is currently being used.
Suddenly radius 1 stops working and a dialup user tries to authenticate.

What will happen next if:

a) radius 2 works fine and radius 1 starts working after 1 sec (my case)
b) radius 2 works fine and radius 1 starts working after 6 mins
c) radius 2 doesn't work either but radius 1 starts working immediately
d) radius 2 doesn't work either and radius 1 starts working after 1 sec
e) radius 2 doesn't work either and radius 1 starts working after 6 mins


I have enabled "debug aaa sg-server-selection" and I'm getting quite a lot of these
messages that worry me:

Jun 23 19:46:11.445: AAA/SG/SERVER_SELECT Server (x.x.x.x:1812,1813) marked dead. Skipping.

Also, what would be the preferred config if I wanted to have radius 1 used mainly and
radius 2 used only (and that for only 5 mins (max)) when radius 1 had problems?


-- 
***********************************
    Chatzithomaoglou Anastasios
Network Design & Operations Center
           FORTHnet S.A.
       <achatz at forthnet.gr>
***********************************



