Controller Based WLANs

 View Only
last person joined: one year ago 

APs, Controllers, VIA
Back to Library

Server load balancing for Radius Accounting request 

Apr 23, 2017 01:00 PM

Requirement:

The purpose of this feature is to let Aruba Mobility Controller also to do load balancing of accounting requests destined to external authentication servers.

 



Solution:

By default, RADIUS accounting packets for all clients hits the first server in the server-group. Other servers listed in the same server group are used in sequential order, only if the first server goes down for some reason. Starting 6.5.1.0, Server Load balancing feature distributes Radius accounting packets among the active servers in server group. When load balance knob is enabled in the Auth server group, it also enables radius accounting load balance. This feature relies on Auth server load balancing algorithm to achieve accounting load balancing.

 



Configuration:

 

(Aruba7210) (config) #aaa server-group test
(Aruba7210) (Server Group "test") #auth-server  win2008
(Aruba7210) (Server Group "test") #auth-server  win2012
(Aruba7210) (Server Group "test") #auth-server  cppm
(Aruba7210) (Server Group "test") # load-balance

(Aruba7210) (config) #aaa profile testaaa
(Aruba7210) (AAA Profile "testaaa") #dot1x-server-group test
(Aruba7210) (AAA Profile "testaaa") #radius-accounting test

 

In some cases, WLAN admin might be willing to have separate server-groups for dot1x authentication and accounting. In such scenario, ensure the Load balancing knob is enabled in the server group that's configured separately for Radius Accounting as well. 

 

(Aruba7210) (config) #aaa profile TESTaaa
(Aruba7210) (AAA Profile "TESTaaa") #dot1x-server-group test
(Aruba7210) (AAA Profile "TESTaaa") #radius-accounting test123  -> Server group for radius accounting is different from dot1x server-group.

 

Separate Server-Group for Radius Accounting 

(Aruba7210) (config) #aaa server-group test123
(Aruba7210) (Server Group "test123") #auth-server cppmLab1
(Aruba7210) (Server Group "test123") #auth-server cppmLab2
(Aruba7210) (Server Group "test123") #auth-server cppmLab3
(Aruba7210) (Server Group "test123") # load-balance

 

 

 

 



Verification
(Aruba7210) #show aaa server-group test

Fail Through:No
Load Balance:Yes       >>> Load balance is enabled. This will load balance Radius authentication AND accounting request.

Auth Servers
------------
Name     Server-Type  trim-FQDN  Match-Type  Match-Op  Match-Str
----     -----------  ---------  ----------  --------  ---------
win2008    Radius       No
win2012    Radius       No
cppm       Radius       No

 

 

Statistics
0 Favorited
5 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.