I currently have an 1812 router set up to accept PPTP VPN connections. All authentication takes place against a RADIUS server (Microsoft IAS). The config for this, which is working fine, is as follows:
aaa authentication ppp default group radius local
aaa authorization network default group radius
! Default PPTP VPDN group
ip unnumbered Vlan1
peer default ip address dhcp
ppp encrypt mppe auto required
ppp authentication ms-chap-v2
ppp timeout idle 21600
radius-server host 220.127.116.11 auth-port 1645 acct-port 1646 key shared_key
I would like to be able to specify a backup RADIUS server, in case the primary fails. So I have specified the following config:
aaa group server radius authgroup
no radius-server host 18.104.22.168 auth-port 1645 acct-port 1646 key shared_key
aaa authentication ppp default group authgroup
aaa authorization network default group authgroup
However, with this configuration, authentication fails. A debug shows the following:
Sep 11 10:04:23.869: AAA/AUTHEN/PPP (00000056): Pick method list 'default'
Sep 11 10:12:18.889: %RADIUS-3-NOSERVERS: No Radius hosts configured or no valid server present in the server group authgroup
Any help would be appreciated.
You must not deconfigure the "radius-server host" commands when grouping them under a server group. You must retain both the "radius-server host" commands and only subsequently sort them into the groups according to your liking.
Have a look at this example: I have created an example server group and referred to an undefined RADIUS server. Observe the warning displayed:
R1(config)#aaa group server radius Example
*Mar 1 04:49:00.446: %RADIUS-4-NOSERV: Warning: Server 22.214.171.124:1645,1646 is not defined.
So the solution in your case is simply to have both RADIUS servers defined before grouping in a server group.
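An offline check for the condition described in the answer above, added here as an example and not part of the original thread: it flags server-group members that have no matching global "radius-server host" definition. The 192.0.2.x addresses, the key, the "server" lines and the function name are constructed placeholders, and the 1645/1646 default ports are an assumption.

```python
import re

# Constructed sample configs; addresses and key are placeholders, not from the thread.
BROKEN = """\
aaa group server radius authgroup
 server 192.0.2.10 auth-port 1645 acct-port 1646
 server 192.0.2.11 auth-port 1645 acct-port 1646
aaa authentication ppp default group authgroup
"""
FIXED = """\
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key shared_key
radius-server host 192.0.2.11 auth-port 1645 acct-port 1646 key shared_key
""" + BROKEN

HOST_RE = re.compile(r"^radius-server host (\S+)(.*)$")
GROUP_RE = re.compile(r"^aaa group server radius (\S+)$")
SERVER_RE = re.compile(r"^\s+server (\S+)(.*)$")

def _ports(rest):
    # Assumption: ports default to 1645/1646 when a line omits them.
    auth = re.search(r"auth-port (\d+)", rest)
    acct = re.search(r"acct-port (\d+)", rest)
    return (int(auth.group(1)) if auth else 1645,
            int(acct.group(1)) if acct else 1646)

def undefined_group_servers(config):
    """Return (group, ip, auth_port, acct_port) for every group member
    that has no matching global 'radius-server host' definition."""
    defined, members, group = set(), [], None
    for line in config.splitlines():
        if m := HOST_RE.match(line):
            defined.add((m.group(1), *_ports(m.group(2))))
            group = None
        elif m := GROUP_RE.match(line):
            group = m.group(1)
        elif group and (m := SERVER_RE.match(line)):
            members.append((group, m.group(1), *_ports(m.group(2))))
        elif not line.startswith(" "):
            group = None  # left the server-group sub-mode
    return [mem for mem in members if mem[1:] not in defined]

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, undefined_group_servers(cfg))
```

Running it against a saved configuration before deployment lists the group members that would leave the group with no valid server.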