Security

last person joined: 9 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Mutiple radius servers in a group

This thread has been viewed 1 times

  • 1.  Mutiple radius servers in a group

    Posted May 04, 2010 10:47 AM
    Customer has TWO different Radius Servers where the users are spread on these radius servers, they are not in synchronized and have different sets of users.

    My question is if I add both of them in single radius group can the authentication request will be passed on to the second server if the user account is not available in the first server.

    Or only when the first server is not reachable/available it will pass it to the second server.


  • 2.  RE: Mutiple radius servers in a group

    EMPLOYEE
    Posted May 04, 2010 10:51 AM
    In the server group, there is a fail-through option. If this is off, the first server will be always queried. if the first server does not respond, it will be taken out of service and the second server will be used.

    If fail-through is ON, the first server will be queried. If we get a reject from the first server, the second server will be queried. That is the option you need.


  • 3.  RE: Mutiple radius servers in a group

    Posted May 04, 2010 10:52 AM
    Make sure the "Fail through" button is checked (enabled) in the server group and the controller will try the second server if the first does not respond or responds with a reject. You may have to enable termination on the controller to make this work.

    Check out page 262 of the 3.4.2 users guide. It explains this feature in detail.