Doubts on Radius Server

Unanswered Question
Feb 17th, 2010

1. Suppose we have multiple RADIUS servers in a network. If the primary RADIUS server goes down, how will the secondary server come into the picture?

2. Where can we check which RADIUS server is active (primary or secondary RADIUS server)?

3. Is there any limit like one server can authenticate a number of clients?

Thanks

Sri

Jagdeep Gambhir Wed, 02/17/2010 - 09:38

Sri,

1) It's the NAS that brings up the secondary RADIUS server. First it will try hitting the primary RADIUS server, and if there is no response it will then try the secondary RADIUS server.

2) On ASA you can use this command to check the server status,

ASA# show aaa-server protocol radius

On IOS

Switch#show aaa servers

RADIUS: id 3, priority 1, host 192.168.26.119, auth-port 1645, acct-port 1646
     State: current UP, duration 151040s, previous duration 0s
     Dead: total time 0s, count 0
     Quarantined: No
     Authen: request 6, timeouts 0
             Response: unexpected 0, server error 0, incorrect 0, time 190ms
             Transaction: success 6, failure 0
     Author: request 0, timeouts 0
             Response: unexpected 0, server error 0, incorrect 0, time 0ms
             Transaction: success 0, failure 0
     Account: request 0, timeouts 0
             Response: unexpected 0, server error 0, incorrect 0, time 0ms
             Transaction: success 0, failure 0
     Elapsed time since counters last cleared: 1d17h33m

RADIUS: id 4, priority 2, host 192.168.1.99, auth-port 1645, acct-port 1646
     State: current UP, duration 151040s, previous duration 0s
     Dead: total time 0s, count 0
     Quarantined: No
     Authen: request 0, timeouts 0
             Response: unexpected 0, server error 0, incorrect 0, time 0ms
             Transaction: success 0, failure 0
     Author: request 0, timeouts 0
             Response: unexpected 0, server error 0, incorrect 0, time 0ms
             Transaction: success 0, failure 0
     Account: request 0, timeouts 0
             Response: unexpected 0, server error 0, incorrect 0, time 0ms
             Transaction: success 0, failure 0
     Elapsed time since counters last cleared: 0m

3) I'm not aware of any limit that can be configured on RADIUS. But there are certain parameters you can set up (that depends on the vendor).

Regards,

~JG

Do rate helpful posts
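
An added example (not part of the original post and not Cisco tooling): a small Python parser for the "show aaa servers" output quoted above that reports which server the NAS would currently use and flags servers that are not UP, were marked dead, or have timed out. It assumes the lower priority number is tried first and that a failed server shows a state other than UP; the sample text is a trimmed copy of the output in the post.

```python
import re

# Constructed sample: trimmed copy of the "show aaa servers" output in the post above.
SAMPLE = """\
RADIUS: id 3, priority 1, host 192.168.26.119, auth-port 1645, acct-port 1646
     State: current UP, duration 151040s, previous duration 0s
     Dead: total time 0s, count 0
     Authen: request 6, timeouts 0
RADIUS: id 4, priority 2, host 192.168.1.99, auth-port 1645, acct-port 1646
     State: current UP, duration 151040s, previous duration 0s
     Dead: total time 0s, count 0
     Authen: request 0, timeouts 0
"""

HEADER = re.compile(r"^RADIUS: id (\d+), priority (\d+), host (\S+),")
STATE = re.compile(r"^\s*State: current (\w+)")
DEAD = re.compile(r"^\s*Dead: total time \d+s, count (\d+)")
AUTHEN = re.compile(r"^\s*Authen: request (\d+), timeouts (\d+)")

def parse_aaa_servers(text):
    """Return one dict per RADIUS server block, in the order listed."""
    servers = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            servers.append({"id": int(m[1]), "priority": int(m[2]), "host": m[3],
                            "state": None, "dead_count": 0, "requests": 0, "timeouts": 0})
        elif not servers:
            continue  # ignore anything before the first server header
        elif m := STATE.match(line):
            servers[-1]["state"] = m[1]
        elif m := DEAD.match(line):
            servers[-1]["dead_count"] = int(m[1])
        elif m := AUTHEN.match(line):
            servers[-1]["requests"], servers[-1]["timeouts"] = int(m[1]), int(m[2])
    return servers

def serving_server(servers):
    """Server with the lowest priority number among those UP (assumed tried first)."""
    up = [s for s in servers if s["state"] == "UP"]
    return min(up, key=lambda s: s["priority"]) if up else None

def failover_warnings(servers):
    """Hosts that are not UP, have been marked dead, or have authentication timeouts."""
    return [s["host"] for s in servers
            if s["state"] != "UP" or s["dead_count"] or s["timeouts"]]

if __name__ == "__main__":
    print(serving_server(parse_aaa_servers(SAMPLE))["host"])
```

A non-zero request count on the priority 2 server, or any host returned by failover_warnings, is the sign that the NAS has been falling back to the secondary.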

s.kanth Wed, 02/17/2010 - 18:30

Thanks for your help :-)

The ACS server is installed on a Windows server, so how are IOS commands executed on the Windows server?

Thanks in Adv

Sri

Ganesh Hariharan Wed, 02/17/2010 - 23:53

Sri,

It does not matter whether ACS is installed on Windows or on an appliance. The main thing is the protocol service that clients use to communicate with the ACS server, over the RADIUS or TACACS protocol.

If you have configured both RADIUS servers on the AAA client along with the key, and also configured the retry count for the RADIUS server, then for that particular retry count it will try the primary server; if it does not respond, then the secondary will come into the picture.

Hope to Help !!

If helpful do rate the post

Ganesh.H
