Security

Reply
MVP
Posts: 432
Registered: ‎07-26-2011

Server Fail Through

I have a question regarding server fail through when using a server group. I understand that server fail through is only enabled when termination is happening on the controller. Say for instance however you do not have termination on the controller enabled but server fail through is enabled on the server group. Within the sever group is a RADIUS server (1st) and InternalDB (2nd). If I have a guest user authenticating against the InternalDB in this group


Am I correct in thinking that the server fail through will be ignored in this instance since termination is not configured and will both auth servers be ignored Or will the request be sent to the RADIUS and thats it.?

ACMA, ACMP
If my post addresses your query, give kudos:)
Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Server Fail Through

You can use fail through on a server group whether you are terminating on the controller or not; it works either way.    It is typically not enabled when the two servers are from the same directory source; for example two RADIUS servers point to the same AD.  But if you have two differing sources of users, then fail through can be enabled regardless of the termination setting.

 

In your example, the authentication attempt will be tried against the RADIUS server (1).....that request will fail as that user doesn't exist (assuming they don't exist)....it will then try the Internal DB.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

MVP
Posts: 432
Registered: ‎07-26-2011

Re: Server Fail Through

Brilliant that's what I thought, I read someone that fail through only works with 802.1x but guess that was wrong...

ACMA, ACMP
If my post addresses your query, give kudos:)
Super Contributor II
Posts: 1,124
Registered: ‎07-13-2010

Re: Server Fail Through

In this scenario, for every guest connection attempt, your radius server will receive a transaction and send a deny. Depending on how many people can see this SSID it might put a drastic load on your radius server. 

 

I know if we did this, the security group would be screaming at us. We have 50/50 employees/guests on our WLAN. This would double our RADIUS farm load.

 

Just a thought.  

Sean Rynearson | Chief Airhead
Aruba, a Hewlett Packard Enterprise Company
Search Airheads
Showing results for 
Search instead for 
Did you mean: