[f-nsp] ServerIron E-1 and radius
Pshem Kowalczyk
pshem.k at gmail.com
Tue Oct 17 02:21:02 EDT 2006
Hi,
I'm completely new to ServerIrons, but I browsed through the archives,
used Google and still can't find the answer, so if the question has
been already asked - please just point me in the right direction.
We're building a farm of radius proxies. ATM there is only one
ServerIron (switching image):
SLB-SSH at akl-grafton-slb1#show ver
SW: Version 09.3.00aTD2 Copyright (c) 1996-2003 Foundry Networks, Inc.
Compiled on Apr 25 2005 at 21:28:12 labeled as WXM09300a
(3716791 bytes) from Primary WXM09300a.bin
HW: ServerIronGT E-1 Switch, SYSIF version 21, Serial #: Non-exist
==========================================================================
SL 1: B0GMR WSM2 Management Module, SYSIF 2, M6, ACTIVE
Serial #: CH18052168
0 MB SHM, 1 Application Processors
16384 KB BRAM, SMC version 5, BM version 21
SW: (1)09.3.00aTF2
==========================================================================
Currently we have the following design:
SLB has 3 connected interfaces: 1 - vlan 10, 2 - vlan 15 and 24 - management.
Actual servers live in vlan 10 (IPs from 10.119.10.0/24), plus have
dummy interfaces from vlan 15 (10.119.15.3/32). Clients are spread in
the 10.0.0.0/8 space.
So the requests come to the 15.3 address and then should be
redirected to the real server, on a different interface, but that
doesn't happen.
Currently the config looks like this:
server real akl-grafton-radproxy1 10.119.10.23
 weight 100 0
 port radius
 port radius keepalive
!
server real akl-grafton-radproxy2 10.119.10.24
 weight 100 0
 port radius
 port radius keepalive
!
!
server virtual akl-grafton-slbradius1 10.119.15.3
 port radius
 port radius dsr
 bind radius akl-grafton-radproxy1 radius akl-grafton-radproxy2 radius
!
vlan 10 by port
 untagged ethe 3/1
!
vlan 15 by port
 untagged ethe 3/2
vlan 2 name Management by port
 untagged ethe 3/24
I can ping the 10.119.15.3 address fine from everywhere, SLB does the
keepalive checks on the radius servers without any problems, but when
I try to do a radius check (port 1812) from anywhere - I get a
timeout.
The other thing is that the logs report problems with the real servers:
Oct 17 19:14:06:N:L4 server 10.119.10.24 akl-grafton-radproxy2 port 1812 is up
Oct 17 19:14:06:N:L4 server 10.119.15.3 akl-grafton-slbradius1 port 1812 is up. SERVICE UP
Oct 17 19:14:06:N:L4 server 10.119.10.23 akl-grafton-radproxy1 port 1812 is up
Oct 17 19:13:54:N:L4 server 10.119.15.3 akl-grafton-slbradius1 port 1812 is down. SERVICE DOWN
Oct 17 19:13:54:N:L4 server 10.119.10.23 akl-grafton-radproxy1 port 1812 is down due to healthcheck
Oct 17 19:13:49:N:L4 server 10.119.10.24 akl-grafton-radproxy2 port 1812 is down due to healthcheck
Oct 17 19:13:31:N:L4 server 10.119.10.24 akl-grafton-radproxy2 port 1812 is up
Oct 17 19:13:26:N:L4 server 10.119.15.3 akl-grafton-slbradius1 port 1812 is up. SERVICE UP
Oct 17 19:13:26:N:L4 server 10.119.10.23 akl-grafton-radproxy1 port 1812 is up
Oct 17 19:13:14:N:L4 server 10.119.15.3 akl-grafton-slbradius1 port 1812 is down. SERVICE DOWN
Oct 17 19:13:14:N:L4 server 10.119.10.23 akl-grafton-radproxy1 port 1812 is down due to healthcheck
Oct 17 19:13:09:N:L4 server 10.119.10.24 akl-grafton-radproxy2 port 1812 is down due to healthcheck
which is really weird, as the radius servers reply straightaway to all queries.
Network layout:
vlan 10 - flat vlan between the slb, servers and a default gateway (router1)
vlan 15 - flat vlan between the slb and default gateway (router1)
Thank you for any hints
pshemko