Security

I have created a radius server group on our 2930M switch 

radius-server host 192.168.184.37 key "test"

radius-server host 192.168.184.57 key "test"

aaa server-group radius "RADIUS-GRP1" host 192.168.184.37
aaa server-group radius "RADIUS-GRP1" host 192.168.184.57
aaa authentication port-access eap-radius server-group "RADIUS-GRP1"
aaa port-access authenticator

But when I stop the NPS service on the 192.168.184.37 to test, ports are then blocked by AAA but should the second server 192.168.184.57 take over?

I 06/07/19 10:59:12 00435 ports: ST1-CMDR: port 2/25 is Blocked by AAA
I 06/07/19 10:59:09 00077 ports: ST1-CMDR: port 2/25 is now off-line
I 06/07/19 10:58:36 00421 radius: ST1-CMDR: Can't reach RADIUS server 192.168.184.37q

I'm running software WC.16.08.0002

Greetings!

When you run 'show radius' on the switch, what do you have listed for the Deadtime, Timeout, and Retransmit Attempts values? These will determine how long the switch will wait after a RADIUS server stops responding before moving on to the next server in the group.

Thanks for your response, the dead timer was set to 0

Deadtime (minutes) : 0
Timeout (seconds) : 5
Retransmit Attempts : 3

I changed this to 5, am I right in thinking that this will check the state of the Radius servers every 5 minutes then if there is no response after that time it will move the authentication to the next server automatically, if that is the case shoud l the dead time interval be set to 1 to stop 5 mins of downtime?

That would be my recommendation.