[c-nsp] aaa group doesn't fail over
Mike
mike-cisconsplist at tiedyenetworks.com
Thu Nov 13 13:27:13 EST 2014
Hi,
On Cisco 7201 with 122-33.SRE7, I have the following:

aaa group server radius radius-pia
 server 10.0.1.21 auth-port 1812 acct-port 1813
 server 10.0.1.22 auth-port 1812 acct-port 1813
 server 10.0.1.23 auth-port 1812 acct-port 1813
 deadtime 1

radius-server host 10.0.1.21 auth-port 1812 acct-port 1813 timeout 5 test username servercheck idle-time 1 key none
radius-server host 10.0.1.22 auth-port 1812 acct-port 1813 timeout 5 test username servercheck idle-time 1 key none
radius-server host 10.0.1.23 auth-port 1812 acct-port 1813 timeout 5 test username servercheck idle-time 1 key none

Today, server 10.0.1.21 is dead. In my logs I have:

Nov 13 08:19:05.854 PST: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.0.1.21:1812,1813 is not responding.

However, despite having 3 choices, the Cisco continues to try and send RADIUS requests to the now dead server. I had to manually remove 'server 10.0.1.21 auth-port 1812 acct-port 1813' from the above to force it to use one of the remaining live hosts (the next one in the list).

Is there something more I need to do to get it to not use a host it knows for a fact is dead?

Mike-