Server load balancing for Radius Accounting request

MVP Expert
MVP Expert

The purpose of this feature is to let Aruba Mobility Controller also to do load balancing of accounting requests destined to external authentication servers.



By default, RADIUS accounting packets for all clients hits the first server in the server-group. Other servers listed in the same server group are used in sequential order, only if the first server goes down for some reason. Starting, Server Load balancing feature distributes Radius accounting packets among the active servers in server group. When load balance knob is enabled in the Auth server group, it also enables radius accounting load balance. This feature relies on Auth server load balancing algorithm to achieve accounting load balancing.




(Aruba7210) (config) #aaa server-group test
(Aruba7210) (Server Group "test") #auth-server  win2008
(Aruba7210) (Server Group "test") #auth-server  win2012
(Aruba7210) (Server Group "test") #auth-server  cppm
(Aruba7210) (Server Group "test") # load-balance

(Aruba7210) (config) #aaa profile testaaa
(Aruba7210) (AAA Profile "testaaa") #dot1x-server-group test
(Aruba7210) (AAA Profile "testaaa") #radius-accounting test


In some cases, WLAN admin might be willing to have separate server-groups for dot1x authentication and accounting. In such scenario, ensure the Load balancing knob is enabled in the server group that's configured separately for Radius Accounting as well. 


(Aruba7210) (config) #aaa profile TESTaaa
(Aruba7210) (AAA Profile "TESTaaa") #dot1x-server-group test
(Aruba7210) (AAA Profile "TESTaaa") #radius-accounting test123  -> Server group for radius accounting is different from dot1x server-group.


Separate Server-Group for Radius Accounting 

(Aruba7210) (config) #aaa server-group test123
(Aruba7210) (Server Group "test123") #auth-server cppmLab1
(Aruba7210) (Server Group "test123") #auth-server cppmLab2
(Aruba7210) (Server Group "test123") #auth-server cppmLab3
(Aruba7210) (Server Group "test123") # load-balance





(Aruba7210) #show aaa server-group test

Fail Through:No
Load Balance:Yes       >>> Load balance is enabled. This will load balance Radius authentication AND accounting request.

Auth Servers
Name     Server-Type  trim-FQDN  Match-Type  Match-Op  Match-Str
----     -----------  ---------  ----------  --------  ---------
win2008    Radius       No
win2012    Radius       No
cppm       Radius       No



Version history
Revision #:
2 of 2
Last update:
‎04-23-2017 10:00 AM
Updated by:
Labels (1)

Hi Support,


This is a nice feature.  What is the algorithm used to balance the requests to 2 different CPPM?  I have 2 CPPMs on different locations but the request sent to each server is different.  The ratio sometimes is 4:1.


There isnt any issue yet as the one cppm can take teh load.   We just want to know the reason why one is favored so we can find a way to get it close to equal.




Search Airheads
Showing results for 
Search instead for 
Did you mean: