[c-nsp] Backup radius server doesn't work.

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Thu Jul 6 08:04:03 EDT 2006


Sergey Velikanov <Intelsoft> wrote on Thursday, July 06, 2006 1:01 PM:

> Asbjorn Hojmark - Lists wrote:
>>> I'm trying one group with 2 radius but problem I'm facing that
>>> even if first radius server is responding then also some query
>>> goes to second server and instead of acting as failover it is
>>> acting as a load-balance mode.
>> 
>> 
>> What I'm saying is that you have configured two groups with
>> one server each. You should instead configure one group with
>> two servers to achieve what you're trying to do.
> 
> Is there any difference between the first & second methods?

Yes. Configuring two server groups and referencing them in different
methods adds some predictability to the picture, i.e. with

aaa authentication login eap_methods group rad_eap1 group rad_eap2

we always ask rad_eap1 first (unless it is marked dead and deadtime is
configured) and then try rad_eap2.

The order we ask when you configure both servers in the same group is
not documented and, as such, indeterministic. In reality, I think we
take the order the "radius-server host x.x.x.x" statements were entered
as order, but you can't take this for granted.
"radius-server retry-method" makes this a bit more complex, check out
the feature doc if you're interested, but in this specific case, I'd
configure two groups.

	oli
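
The two layouts compared in this thread, written out side by side as an added example that is not part of the original post. The server addresses (192.0.2.1 and 192.0.2.2), the ports, the key placeholder, the single-group name rad_eap and the deadtime value are assumptions; options A and B are alternatives for the same method list, not one configuration to paste as a whole.

```cisco
! Added example; addresses, ports, key placeholder and deadtime are assumed values.
aaa new-model
!
radius-server host 192.0.2.1 auth-port 1812 acct-port 1813 key <shared-secret>
radius-server host 192.0.2.2 auth-port 1812 acct-port 1813 key <shared-secret>
! Without a deadtime, a server marked dead is not skipped on later requests.
radius-server deadtime 5
!
! --- Option A: one group, two servers ---
! Per the reply above, the order in which the servers of one group are
! asked is not documented, so do not rely on it for primary/backup.
aaa group server radius rad_eap
 server 192.0.2.1 auth-port 1812 acct-port 1813
 server 192.0.2.2 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
!
! --- Option B: two groups, one server each ---
! The method list is walked left to right: rad_eap1 is asked first
! (unless it is marked dead and deadtime is configured), then rad_eap2.
! The next method is tried only when the previous one returns no answer,
! not when it rejects the user.
aaa group server radius rad_eap1
 server 192.0.2.1 auth-port 1812 acct-port 1813
!
aaa group server radius rad_eap2
 server 192.0.2.2 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap1 group rad_eap2
```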


