Security

Reply
Occasional Contributor II

Question on RADIUS connection timeout when using second authentication method

Hi,

 

when configuring the command

aaa authentication mac-based chap-radius authorized

I got the information message

The RADIUS connection timeout must be less than the
authentication server timeout for the switch to authenticate
automatically when the RADIUS server is unavailable.
Do you want to continue? [y/n]

What do the terms 'RADIUS connection timeout' and 'authentication server timeout' refer to? Which timeouts are ment exactly? How can I check them? I do not experience any issues, but I try to understand what Aruba wants me to know.

 

RADIUS Server is a CPPM and the Switch an Aruba 2530 on YA.16.08.0001.

 

Regards

Highlighted
Frequent Contributor I

Re: Question on RADIUS connection timeout when using second authentication method

you receive this error becaus you added the command:

authorized

i am not quit sure what they mean with the 2 time-out values, i think they must be related to this two:

 

Global

# radius-server timeout <1-15>
Specifies the maximum time the switch waits for a response to an authentication request before counting the
attempt as a failure.
Default: 5 seconds; Range: 1–15 seconds

 

Per port:

# aaa port-access authenticator server-timeout <1-300>

Sets the time the switch waits for a server response to an authentication request. If there is no response
within the configured time frame, the switch assumes that the authentication attempt has timed out.
Depending on the current max-requests setting, the switch will either send a new request to the server
or end the authentication session. (Default: 30 seconds)

----------Aruba ACCX #748, ACDX #758, ACMP, ACEAP | HPE Master ASE----------
Feel free to give kudos or accept as a solution!
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: