[c-nsp] Backup radius server doesn't work.
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Thu Jun 29 08:52:30 EDT 2006
Sergey Velikanov <Intelsoft> wrote on Thursday, June 29, 2006 1:27 PM:
> I'am trying backup primary radius server with local radius server on
> aironet 1300
>
> my config is:
>
> aaa group server radius rad_eap <----- primary
> server 192.168.232.254 auth-port 1645 acct-port 1646
>
> aaa group server radius rad_eap_local <------local
> server 192.168.232.3 auth-port 1812 acct-port 1813
>
> aaa authentication login eap_methods group rad_eap group rad_eap_local
>
> interface BVI1
> ip address 192.168.232.3 255.255.255.0
> no ip route-cache
>
> radius-server local
> no authentication eapfast
> no authentication mac
> nas 192.168.232.3 key 7 08351D
> user tess nthash 7
> 0756781A1D5B415043412D2D54087A7C0E666D724B554227580F0F7D71012F273B
>
> If primary server available this forks fine, if I turn off primary
> server then local server can't authenticate user (but if I leave only
> local radius server in eap_methods it also work fine I do it with
> command "aaa authentication login eap_methods group rad_eap_local")
>
> Why it doesn't work if primary server is down?
Not sure. Can you try with a deadtime, i.e. "radius-server deadtime 3"?
This changes the failover algorithm a bit..
"debug radius failover"/"debug aaa sg-server-selection" could provide
more info. Which IOS are you using? I'd contact TAC..
oli
More information about the cisco-nsp
mailing list