Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

RADIUS Load Balancing - Kinda'

This thread has been viewed 2 times

  • 1.  RADIUS Load Balancing - Kinda'

    Posted Sep 11, 2013 03:09 PM

    Hi,

     

    I'm a long time listener, but first time caller.

     

    Many wireless products list RADIUS servers in a primary/back-up arrangement where the primary is used whenever available, and the back-up is only used when the primary is unavailable.  Aruba uses server groups, with no explicit primary/back-up relationship.  That said, it appears that the controllers use the first server in the list and only moves down the list if the ones above it are unavailable - an implied primary/back-up arrangement..

     

    Is there any way to get the controllers to spread auth around the server group instead of sending everything to the first server in the list?

     

    Thanks,

     

    Chuck Enfield

    Manager, Wireless Systems & Engineering

    Penn State



  • 2.  RE: RADIUS Load Balancing - Kinda'

    Posted Sep 11, 2013 03:15 PM
    Load balancing AAA servers is on the roadmap. I can't say exactly when it will show up, but it is something they are going to do. You're local SE can probably give you more details.


  • 3.  RE: RADIUS Load Balancing - Kinda'

    Posted Mar 09, 2014 11:05 AM
    @olino wrote:
    Load balancing AAA servers is on the roadmap. I can't say exactly when it will show up, but it is something they are going to do. You're local SE can probably give you more details.

    is this the virtual IP that got added in 6.3 or is there more to expect?



  • 4.  RE: RADIUS Load Balancing - Kinda'

    EMPLOYEE
    Posted Sep 11, 2013 10:29 PM
    You can always use a loadbalancer


  • 5.  RE: RADIUS Load Balancing - Kinda'

    Posted Sep 11, 2013 11:40 PM

    What RADIUS server are you using?   You could consider setting up a RADIUS Proxy and distributes authentications to other servers.     In your server group, you could define the Proxy as #1 and your physical servers as #2 and #3 in the event the Proxy is down.

     

    I've set this up using NPS in the past.



  • 6.  RE: RADIUS Load Balancing - Kinda'

    Posted Sep 12, 2013 08:45 AM

    Thanks.  We're familiar with things we can do to the server infrastructure.  I was hoping there was a quick change we could make on the controllers to mitigate a problem we're having until the servers can be properly dealt with.

     

    Chuck



  • 7.  RE: RADIUS Load Balancing - Kinda'

    MVP
    Posted Mar 09, 2014 12:41 PM

    Probably the best thing you can do is create 2 server-groups (containing the same servers in inverse order)  and apply those 2 server-groups to different ap-groups.

    This offcourse is far from perfect but you should be able to divide the load alot better.



  • 8.  RE: RADIUS Load Balancing - Kinda'

    EMPLOYEE