Log in to ask questions, share your expertise, or stay connected to content. Don’t have a login? Join now.
Requirement:
The purpose of this feature is to let Aruba Mobility Controller also to do load balancing of accounting requests destined to external authentication servers.
By default, RADIUS accounting packets for all clients hits the first server in the server-group. Other servers listed in the same server group are used in sequential order, only if the first server goes down for some reason. Starting 6.5.1.0, Server Load balancing feature distributes Radius accounting packets among the active servers in server group. When load balance knob is enabled in the Auth server group, it also enables radius accounting load balance. This feature relies on Auth server load balancing algorithm to achieve accounting load balancing.
(Aruba7210) (config) #aaa server-group test (Aruba7210) (Server Group "test") #auth-server win2008 (Aruba7210) (Server Group "test") #auth-server win2012 (Aruba7210) (Server Group "test") #auth-server cppm (Aruba7210) (Server Group "test") # load-balance (Aruba7210) (config) #aaa profile testaaa (Aruba7210) (AAA Profile "testaaa") #dot1x-server-group test (Aruba7210) (AAA Profile "testaaa") #radius-accounting test
In some cases, WLAN admin might be willing to have separate server-groups for dot1x authentication and accounting. In such scenario, ensure the Load balancing knob is enabled in the server group that's configured separately for Radius Accounting as well.
(Aruba7210) (config) #aaa profile TESTaaa (Aruba7210) (AAA Profile "TESTaaa") #dot1x-server-group test (Aruba7210) (AAA Profile "TESTaaa") #radius-accounting test123 -> Server group for radius accounting is different from dot1x server-group.
Separate Server-Group for Radius Accounting
(Aruba7210) (config) #aaa server-group test123 (Aruba7210) (Server Group "test123") #auth-server cppmLab1 (Aruba7210) (Server Group "test123") #auth-server cppmLab2 (Aruba7210) (Server Group "test123") #auth-server cppmLab3 (Aruba7210) (Server Group "test123") # load-balance
(Aruba7210) #show aaa server-group test Fail Through:No Load Balance:Yes >>> Load balance is enabled. This will load balance Radius authentication AND accounting request. Auth Servers ------------ Name Server-Type trim-FQDN Match-Type Match-Op Match-Str ---- ----------- --------- ---------- -------- --------- win2008 Radius No win2012 Radius No cppm Radius No
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.