03-29-2010 07:23 AM - edited 03-10-2019 05:02 PM
I'm trying to configure redundant ACS servers in my lab. What interface commands are needed to make this happen? I have both servers configured globally on the switch. When I block the connection to the server it authenticates to first and tell the port to re-authenticate, the switch tries the next server, but the port is marked as unauthorized and the host fails authentication. I can authenticate to either server one by one, but not in a failover situation. Below is my port config. I believe I'm missing something in my port config. Thanks for any help.
dot1x pae authenticator
dot1x port-control auto
dot1x timeout quiet-period 20
dot1x timeout reauth-period 3600
dot1x timeout tx-period 10
dot1x reauthentication
dot1x auth-fail max-attempts 1
dot1x control-direction both
dot1x mac-auth-bypass
03-29-2010 08:37 AM
You would define multiple RADIUS servers in the switch configuration, then point the authentication and authorization methods to them. The switch should try them in the order in which they appear, rolling over to the next one if the first one does not reply within the timeout period.
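A global configuration of the kind the reply above describes, as an added example that is not part of the original thread. It assumes a Cisco IOS switch using the classic `radius-server host` syntax; the 192.0.2.x addresses, the `<shared-secret>` placeholder and all timer values are constructed for illustration.

```cisco
! Enable AAA and 802.1X globally
aaa new-model
dot1x system-auth-control
!
! Point 802.1X authentication and network authorization at the RADIUS group
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
! Servers are tried in the order they are listed (addresses are placeholders)
radius-server host 192.0.2.11 auth-port 1645 acct-port 1646 key <shared-secret>
radius-server host 192.0.2.12 auth-port 1645 acct-port 1646 key <shared-secret>
!
! Per-request wait and number of retries before rolling over to the next server
radius-server timeout 5
radius-server retransmit 2
!
! Conditions for marking a server dead, and how long (minutes) to skip it
! once dead, so new sessions start on the surviving server
radius-server dead-criteria time 10 tries 3
radius-server deadtime 10
```

`show aaa servers` lists each server's current state and request counters, which shows whether the switch has actually marked the first server dead.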
03-29-2010 10:40 AM
I have both ACS servers defined. When the switch rolls to the second server, I get "Authen session timed out: Challenge not provided by client" as the failure code in ACS.
10-07-2010 02:59 PM
Were you able to resolve the issue? I am having a similar issue with a PIX and 2 ACS servers running, both on Windows 2003 servers. My error when switching to the second ACS is "ACS password invalid".