How can I verify connections to my server on ACE-udp port

Unanswered Question
May 5th, 2010

We are failing when RADIUS is trying to be implemented through a vip

server doesnt see connections

I do

show serverfarm RADIUIS

---------------------------------
                                               ----------connections-----------
      real                  weight state             current           total            failures
  ---+---------------------+------+------------+----------+----------+---------
  rserver: PRDDOMCLT02
      10.11.13.180:0        8      OPERATIONAL  0          13         0
  rserver: PRDDOMCLT01
      10.11.13.212:0        8      OPERATIONAL  0          12         0

and I can see connections on the table for the rserver, but how can i confirm what part it is used on?

These would be typical UDP Radius ports

serverfarm host RADIUS
  probe probe_service_icmp
  rserver PRDDOMCLT02
    inservice
  rserver PRDDOMCLT01

rserver host PRDDOMCLT02
  ip address 10.11.13.180
  probe probe_service_icmp
  inservice

rserver host PRDDOMCLT01
  ip address 10.11.13.212
  probe probe_service_icmp
  inservice

class-map match-all RADIUS-VIP
  2 match virtual-address 172.20.224.35 any

policy-map type loadbalance first-match RADIUS-VIP
  class class-default
    serverfarm RADIUS

class RADIUS-VIP
   loadbalance vip inservice
   loadbalance policy RADIUS-VIP
   loadbalance vip icmp-reply
   nat dynamic 2 vlan 112

interface vlan 112
  ip address 10.11.12.4 255.255.252.0
  alias 10.11.12.10 255.255.252.0
  peer ip address 10.11.12.5 255.255.252.0
  no normalization
  no icmp-guard
  access-group input any
  nat-pool 2 10.11.12.20 10.11.12.20 netmask 255.255.252.0 pat
  service-policy input VIPs
  service-policy input ALLOW_ICMP_POLICY
  no shutdown

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Thu, 05/06/2010 - 09:09

You should get a sniffer trace on the vlan to see if the request comes in, if it is sent out and what the server does with it.

Gilles.

ciscocsoc Fri, 05/07/2010 - 01:20

Are you letting traffic from the VIP through ahny firewall on the RADIUS server and is the VIP defined as a NAS in the RADIUS configuration?

Cathy

Actions

This Discussion