AS5300 does not change to Radius backup server

Unanswered Question

Hello, we have two radius servers <Radius_1_PUBLIC_IP> and <Radius_2_PUBLIC_IP> When the first shuts down, the AS5300 Gateway does not change to the backup server.


aaa group server radius H323-calls

server <Radius_1_PUBLIC_IP> auth-port 1812 acct-port 1813

server <Radius_2_PUBLIC_IP> auth-port 1812 acct-port 1813

!

aaa authentication login admins local

aaa authentication login remote group radius local

aaa authentication login h323 group H323-calls

aaa authorization exec h323 group radius

aaa accounting exec default start-stop group radius

aaa accounting connection h323 start-stop group radius

radius-server host <Radius_1_PUBLIC_IP> auth-port 1812 acct-port 1813 non-standard

radius-server host <Radius_2_PUBLIC_IP> auth-port 1812 acct-port 1813 non-standard

radius-server key 7 xxxx


I attach the complete configuration and show version.



Thanks



Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
irisrios Tue, 05/05/2009 - 08:35

Try to configure a proper radius secret for all radius servers or configure a global radius secret.

Hello, thank you very much for the response.

We have tried to configure a global shared key and local shared key:

radius-server host auth-port 1812 acct-port 1813 non-standard key 7


radius-server host auth-port 1812 acct-port 1813 non-standard key


But the problem happens again.


These is a part of the debug of the gateway when we shut down the Radius1 (first choice) and has to switch to Radius2:

-----------------------------------

Feb 18 16:06:25.204 MET: RADIUS: Trying next server ( :1813,1812) for

id111

Feb 18 16:06:25.204 MET: RADIUS: Retransmit id 111

Feb 18 16:06:26.204 MET: RADIUS: Retransmit id 111

Feb 18 16:06:27.204 MET: RADIUS: Retransmit id 111

Feb 18 16:06:29.204 MET: RADIUS: Tried all servers.

Feb 18 16:06:29.204 MET: RADIUS: No valid server found. Trying any viable server

Feb 18 16:06:29.204 MET: RADIUS: Tried all servers.

Feb 18 16:06:29.204 MET: RADIUS: No response for id 111

Feb 18 16:06:29.204 MET: %RADIUS-3-ALLDEADSERVER: Group radius: No active radius

servers found. Id 111.


------------------------------------


I don't know if it's a bug, but the gateway marks as dead but when it tries next server it can't communicate with int. The problem happens exactly if the Radius2 is active and Radius1 is backup.


Any help would be great for us because we don't know what is happening.



Actions

This Discussion