Backup RADIUS servers

Unanswered Question
Apr 16th, 2009

Hi, I have a wireless configuration that works great for me. I have a small wireless network of 5 different offices with 5 APs. I have all Cisco APs using Microsoft's IAS as my RADIUS server, and group policy to push out the wireless configurations to my Windows clients.

What I'm wanting to do is make my secondary domain controller my secondary IAS (RADIUS) server. I've configured my IAS settings on the secondary server identically to my primary DC. I need to know if what I'm looking at changing in my AP configuration will give me the results I'm looking for.

What I want to do is configure my access points so that if my primary domain controller goes offline, then my secondary controller will start authenticating to the APs. I'm wondering if all I need to do is add the secondary server to my aaa radius server group. Or do I need to add it as the radius-server host, or both? Or is what I'm trying to do even possible with how I'm trying to do it?

Let me know if I need to provide any more information to make my goal or what I'm working with more clear.



Leo Laohoo Thu, 04/16/2009 - 15:38

I'd add the second server IP Address to your aaa radius server group.

Tyrant_007 Thu, 04/16/2009 - 15:40

If that's all there is to it, then I'll test first thing tomorrow morning.

Thanks for the prompt reply!

gamccall Fri, 04/17/2009 - 04:56

Remember that you can use the "test aaa group" command to make sure that authentication to your backup server is working without having to break your primary link.

Tyrant_007 Fri, 04/17/2009 - 15:43

I couldn't get the "test aaa group" command to work correctly. Trouble with the profile portion, I think. I just couldn't make it happy. I just got on when no one was connected to the wireless and disabled the IAS service on the primary DC and reloaded the AP. It came up fine and it broadcast fine. My test laptop, however, wasn't able to log on to the network. As soon as I enabled the IAS service on my primary DC, it was able to log on to the network.

Is there a command that I can enter to verify how the AP was authenticated to the domain? It would be nice to make sure it is authenticating to the secondary IAS IP address.

Thanks for all your responses.
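An added example, not posted by anyone in this thread: a sketch of an autonomous Cisco IOS AP configuration with a primary and a backup RADIUS server, covering both the global `radius-server host` entries and the server group the thread discusses, plus commands for checking which server is being used. The addresses, ports, shared secret, group name `rad_eap` and method list name `eap_methods` are assumed placeholders, and command availability depends on the AP's IOS image.

```cisco
! Constructed example. 192.0.2.10 = primary IAS, 192.0.2.11 = backup IAS
! (placeholder addresses). <shared-secret> is a placeholder, never a real key.
!
aaa new-model
!
! Global definitions: one entry per RADIUS server the AP may contact.
! The key must match the RADIUS client entry for this AP on that IAS server;
! a missing or mismatched client entry on the backup makes failover fail silently.
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key <shared-secret>
radius-server host 192.0.2.11 auth-port 1645 acct-port 1646 key <shared-secret>
!
! Server group: members are tried in the order listed, so the backup is only
! used when the primary does not answer.
aaa group server radius rad_eap
 server 192.0.2.10 auth-port 1645 acct-port 1646
 server 192.0.2.11 auth-port 1645 acct-port 1646
!
! Method list (assumed name) that points EAP authentication at the group.
aaa authentication login eap_methods group rad_eap
!
! Failover timing: wait 5 s per attempt, retry 3 times, then mark the
! unresponsive server dead for 10 minutes so later requests skip it.
radius-server timeout 5
radius-server retransmit 3
radius-server deadtime 10
!
! Verification, run from privileged exec mode (not configuration lines):
!
!   test aaa group rad_eap <user> <password> legacy
!     The "legacy" keyword runs the test without a profile argument.
!
!   debug radius authentication
!     Shows each Access-Request and the server address it is sent to,
!     which tells you whether the primary or the backup handled a client.
!
!   show radius statistics
!     Request, retransmission and timeout counters for RADIUS traffic.
```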


