I have created a radius server group on our 2930M switch
radius-server host 192.168.184.37 key "test"
radius-server host 192.168.184.57 key "test"
aaa server-group radius "RADIUS-GRP1" host 192.168.184.37aaa server-group radius "RADIUS-GRP1" host 192.168.184.57aaa authentication port-access eap-radius server-group "RADIUS-GRP1"aaa port-access authenticator
But when I stop the NPS service on the 192.168.184.37 to test, ports are then blocked by AAA but should the second server 192.168.184.57 take over?
I 06/07/19 10:59:12 00435 ports: ST1-CMDR: port 2/25 is Blocked by AAAI 06/07/19 10:59:09 00077 ports: ST1-CMDR: port 2/25 is now off-lineI 06/07/19 10:58:36 00421 radius: ST1-CMDR: Can't reach RADIUS server 192.168.184.37q
I'm running software WC.16.08.0002
When you run 'show radius' on the switch, what do you have listed for the Deadtime, Timeout, and Retransmit Attempts values? These will determine how long the switch will wait after a RADIUS server stops responding before moving on to the next server in the group.
Thanks for your response, the dead timer was set to 0
Deadtime (minutes) : 0Timeout (seconds) : 5Retransmit Attempts : 3
I changed this to 5, am I right in thinking that this will check the state of the Radius servers every 5 minutes then if there is no response after that time it will move the authentication to the next server automatically, if that is the case shoud l the dead time interval be set to 1 to stop 5 mins of downtime?
That would be my recommendation.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.