
Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Server Fail Through

  • 1.  Server Fail Through

    MVP EXPERT
    Posted Jan 13, 2013 07:49 AM

    I have a question regarding server fail through when using a server group. I understand that server fail through is only enabled when termination is happening on the controller. Say, for instance, however, you do not have termination on the controller enabled but server fail through is enabled on the server group. Within the server group is a RADIUS server (1st) and InternalDB (2nd). If I have a guest user authenticating against the InternalDB in this group


    Am I correct in thinking that the server fail through will be ignored in this instance since termination is not configured, and will both auth servers be ignored? Or will the request be sent to the RADIUS and that's it?



  • 2.  RE: Server Fail Through
    Best Answer

    Posted Jan 14, 2013 01:36 PM

    You can use fail through on a server group whether you are terminating on the controller or not; it works either way. It is typically not enabled when the two servers are from the same directory source; for example, two RADIUS servers pointing to the same AD. But if you have two differing sources of users, then fail through can be enabled regardless of the termination setting.

     

    In your example, the authentication attempt will be tried against the RADIUS server (1)... that request will fail as that user doesn't exist (assuming they don't exist)... it will then try the Internal DB.



  • 3.  RE: Server Fail Through

    MVP EXPERT
    Posted Jan 14, 2013 06:08 PM

    Brilliant, that's what I thought. I read somewhere that fail through only works with 802.1x, but guess that was wrong...



  • 4.  RE: Server Fail Through

    EMPLOYEE
    Posted Jan 16, 2013 12:29 PM

    In this scenario, for every guest connection attempt, your RADIUS server will receive a transaction and send a deny. Depending on how many people can see this SSID, it might put a drastic load on your RADIUS server.

     

    I know if we did this, the security group would be screaming at us. We have 50/50 employees/guests on our WLAN. This would double our RADIUS farm load.

     

    Just a thought.
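
Added example, not part of the thread and not vendor code: a simplified Python model of the fail-through behaviour described in replies 2 and 4, counting how many transactions each server processes for the RADIUS-first group with 50 employees and 50 guests. The class, function names, users and passwords are constructed for illustration; skipping an unresponsive server and the reversed-order comparison are assumptions of this model that go beyond the thread.

```python
# Simplified model of server-group fail-through (added example, not vendor code).
# All server names, users and passwords below are constructed sample data.

class AuthServer:
    def __init__(self, name, users, reachable=True):
        self.name = name
        self.users = users          # username -> password
        self.reachable = reachable
        self.requests = 0           # transactions this server had to process

    def check(self, user, password):
        """True = accept, False = reject, None = no response (server down)."""
        if not self.reachable:
            return None
        self.requests += 1
        return self.users.get(user) == password


def authenticate(group, user, password, fail_through):
    """Walk the ordered server group; return the accepting server's name or None."""
    for server in group:
        result = server.check(user, password)
        if result is None:
            continue                # assumption: an unresponsive server is skipped
        if result:
            return server.name
        if not fail_through:
            return None             # a reject from a live server is final
    return None


def simulate(order, employees=50, guests=50, fail_through=True):
    """Authenticate every user once; return (requests per server, accepted count)."""
    servers = {
        "radius": AuthServer("radius", {f"emp{i}": "pw" for i in range(employees)}),
        "internal": AuthServer("internal", {f"guest{i}": "pw" for i in range(guests)}),
    }
    group = [servers[name] for name in order]
    users = list(servers["radius"].users) + list(servers["internal"].users)
    accepted = sum(authenticate(group, u, "pw", fail_through) is not None for u in users)
    return {name: s.requests for name, s in servers.items()}, accepted


if __name__ == "__main__":
    print(simulate(["radius", "internal"]))                      # the thread's group
    print(simulate(["radius", "internal"], fail_through=False))  # guests are rejected
    print(simulate(["internal", "radius"]))                      # reversed order
```

With RADIUS first, every guest attempt costs the RADIUS server one rejected transaction before the internal database accepts it, which is the doubling reply 4 describes.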