Redundant Radius Auth Servers - PEAP - Wireless how to configure and test?

Unanswered Question
May 19th, 2010


I currently have 2 ACS servers running ACS v4.2 with PEAP.  I am using self-signed certificates on the ACS.  What I am trying to configure and test is the redundancy portion of having 2 RADIUS servers.  I have both servers configured on my WCS (v4.2.97.0) and tried to have my test machine only have the certificate of the backup ACS server.  I can't get my client to authenticate or even fail.  Does anyone have a test scenario and configuration for redundancy?  My certificate is getting ready to expire on my primary and I'm trying to figure out how to prevent my end clients from losing connectivity.


Peter Nugent Wed, 05/19/2010 - 14:01

Simply disconnect or disable the RADIUS server you want to fail and test connectivity.

darcy Tue, 05/25/2010 - 11:07

I still need to maintain connectivity for over 400 users so I want to ensure that the failover will work prior to disconnecting the primary radius server.  We are a 24 X 7 shop so the service needs to remain active.

Any other ideas?

Peter Nugent Tue, 05/25/2010 - 11:29

Unfortunately, the whole reason most failover scenarios don't work is fear of proper testing. If failover was tested when the solution was implemented and nothing has changed, then it should work.

However you only need it when you have a fail situation.

You can lab up the scenario with two RADIUS servers and a controller, see how it behaves, and check that the relevant parts of the config are identical.

You are in a much healthier situation to test this if you can immediately reinstate the failed server as you have only taken it down to test than if you actually have a server failure. You could test it out of normal hours when there is a smaller impact to the business or a scheduled window.

You will never truly know unless you actually fail the system to prove it works, everything else is theory.
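Added example, not part of the thread and not Cisco code: a Python probe that sends a RADIUS Access-Request (RFC 2865, PAP plus Message-Authenticator) to each server separately, so the backup can be shown to answer while the primary stays in service. It does not exercise PEAP or the server certificate the client must trust. Assumptions: the probing host is defined as an AAA client on both ACS servers, a test account that allows PAP exists, and the addresses, shared secret and credentials below are placeholders.

```python
import hashlib, hmac, os, socket, struct

def attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: XOR each 16-byte block with an MD5 chain keyed by the secret."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(ident, user, password, secret, req_auth):
    """Access-Request: User-Name(1), User-Password(2), Message-Authenticator(80)."""
    attrs = attr(1, user) + attr(2, hide_password(password, secret, req_auth))
    length = 20 + len(attrs) + 18
    head = struct.pack("!BBH", 1, ident, length) + req_auth
    mac = hmac.new(secret, head + attrs + attr(80, b"\x00" * 16), hashlib.md5).digest()
    return head + attrs + attr(80, mac)

def reply_is_authentic(reply, req_auth, secret):
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    expect = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expect, reply[4:20])

def probe(server, secret, user, password, port=1812, timeout=3.0):
    """Return 'accept', 'reject', 'invalid-reply', 'other' or 'no-response'."""
    req_auth, ident = os.urandom(16), os.urandom(1)[0]
    pkt = build_access_request(ident, user, password, secret, req_auth)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(pkt, (server, port))
            reply, _ = s.recvfrom(4096)
        except OSError:  # timeout or ICMP unreachable
            return "no-response"
    if reply[1:2] != bytes([ident]) or not reply_is_authentic(reply, req_auth, secret):
        return "invalid-reply"  # wrong shared secret or a mismatched packet
    return {2: "accept", 3: "reject"}.get(reply[0], "other")

if __name__ == "__main__":
    for host in ("192.0.2.10", "192.0.2.11"):  # placeholder primary / backup
        print(host, probe(host, b"lab-secret", b"probe-user", b"probe-pass"))
```

A "no-response" from one server while the other returns "accept" points at that server's AAA client entry, shared secret or reachability rather than at the controller's failover logic.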

