Controller Based WLANs

Server load balancing for Radius Accounting request
Requirement:

The purpose of this feature is to let Aruba Mobility Controller also to do load balancing of accounting requests destined to external authentication servers.

 



Solution:

By default, RADIUS accounting packets for all clients hits the first server in the server-group. Other servers listed in the same server group are used in sequential order, only if the first server goes down for some reason. Starting 6.5.1.0, Server Load balancing feature distributes Radius accounting packets among the active servers in server group. When load balance knob is enabled in the Auth server group, it also enables radius accounting load balance. This feature relies on Auth server load balancing algorithm to achieve accounting load balancing.

 



Configuration:

 

(Aruba7210) (config) #aaa server-group test
(Aruba7210) (Server Group "test") #auth-server  win2008
(Aruba7210) (Server Group "test") #auth-server  win2012
(Aruba7210) (Server Group "test") #auth-server  cppm
(Aruba7210) (Server Group "test") # load-balance

(Aruba7210) (config) #aaa profile testaaa
(Aruba7210) (AAA Profile "testaaa") #dot1x-server-group test
(Aruba7210) (AAA Profile "testaaa") #radius-accounting test

 

In some cases, WLAN admin might be willing to have separate server-groups for dot1x authentication and accounting. In such scenario, ensure the Load balancing knob is enabled in the server group that's configured separately for Radius Accounting as well. 

 

(Aruba7210) (config) #aaa profile TESTaaa
(Aruba7210) (AAA Profile "TESTaaa") #dot1x-server-group test
(Aruba7210) (AAA Profile "TESTaaa") #radius-accounting test123  -> Server group for radius accounting is different from dot1x server-group.

 

Separate Server-Group for Radius Accounting 

(Aruba7210) (config) #aaa server-group test123
(Aruba7210) (Server Group "test123") #auth-server cppmLab1
(Aruba7210) (Server Group "test123") #auth-server cppmLab2
(Aruba7210) (Server Group "test123") #auth-server cppmLab3
(Aruba7210) (Server Group "test123") # load-balance

 

 

 

 



Verification
(Aruba7210) #show aaa server-group test

Fail Through:No
Load Balance:Yes       >>> Load balance is enabled. This will load balance Radius authentication AND accounting request.

Auth Servers
------------
Name     Server-Type  trim-FQDN  Match-Type  Match-Op  Match-Str
----     -----------  ---------  ----------  --------  ---------
win2008    Radius       No
win2012    Radius       No
cppm       Radius       No

 

 

Version History
Revision #:
2 of 2
Last update:
‎04-23-2017 10:00 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.