[cisco-nas] radius 12.3 config - Reorder on Failure
Anastassios Chatzithomaoglou
achatz at forthnet.gr
Mon Jun 23 20:58:22 EDT 2003
After reading
http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps5187/products_feature_guide09186a008017d10c.html,
although I didn't understand the "Reorder on Failure" concept quite easily and fully, I
decided to try that using the following config on a 5350 (12.3(1)):
!-----------------------------
aaa group server radius RADIUS-SERVERS
 server 1
 server 2
 deadtime 5
!
radius-server retry method reorder
radius-server transaction max-tries 3
radius-server retransmit 3
radius-server timeout 15
!-----------------------------
I would like your help on the following scenario:
Let's suppose that both radius work fine, so radius 1 is currently being used.
Suddenly radius 1 stops working and a dialup user tries to authenticate.
What will happen next if:
a) radius 2 works fine and radius 1 starts working after 1 sec (my case)
b) radius 2 works fine and radius 1 starts working after 6 mins
c) radius 2 doesn't work either but radius 1 starts working immediately
d) radius 2 doesn't work either and radius 1 starts working after 1 sec
e) radius 2 doesn't work either and radius 1 starts working after 6 mins
I have enabled "debug aaa sg-server-selection" and I'm getting quite a lot of these
messages that worry me:
Jun 23 19:46:11.445: AAA/SG/SERVER_SELECT Server (x.x.x.x:1812,1813) marked dead. Skipping.
Also, what would be the preferred config if I wanted to have radius 1 used mainly and
radius 2 used only (and that for only 5 mins (max)) when radius 1 had problems?
--
***********************************
Chatzithomaoglou Anastasios
Network Design & Operations Center
FORTHnet S.A.
<achatz at forthnet.gr>
***********************************