A server is marked down when it reaches timeout*retries seconds. That server is marked out of service and then the next server in the list is tried after that. Each server has a timeout and a retries definition. That is what is used. If there is only a single server in a server group, it is never taken out of service.
Look at "show aaa authentication-server radius statistics" to see timeouts for various servers.
When traffic is sent to a foreign eduroam school, there is frequently timeouts based on traffic lost in transit or if there are timeout issues. I would only focus on timeouts that are in your own domain.
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------
Original Message:
Sent: Dec 07, 2021 06:50 PM
From: Bill Thompson
Subject: Question on Radius timing
Sigh. Note to self: never post when tired. And whenever and wherever possible, try not to muddle DHCP and 802.1X. And yet, here I did.
I've taken the liberty of adjusting the Subject: in failing hopes of greater accuracy.
Radius is the question. DHCP is not the question. DHCP photobombed my question.
So, trying again, and with screenshots as requested (please ignore radius-3-eduroam for now. Focus is on radius-1 and radius-2. Or was supposed to be when I started.)
In ArubaOS configuration, under Wireless LAN > AAA, when an 802.1X Authentication Group is defined with multiple Radius servers, if the first server defined becomes unreachable, what is the timer or number of attempts before an effort is made to try a second defined server?