Switch: radius-server host HOSTNAME problem

Answered Question
Aug 4th, 2010

Hello,

Does anybody know why it is not possible to specify the radius-server host on switch IOS as a hostname? Even if there is a correct DNS record, the running-conf line is changed to an IP address. Are there any high-level arguments for suppressing this configuration possibility? I would like to test GSS between the authenticator (switch) and the authentication servers (enforcer group).

Thanks in advance.

Radim

milan.kulik Wed, 08/04/2010 - 07:11

Hi,

I guess the reason is security?

To prevent a possible DNS spoofing attack?

BR,

Milan

Correct Answer
tprendergast Wed, 08/04/2010 - 13:37

I believe some of it has to do with the fact that DNS takes time in and of itself, slowing down the authentication process when you first resolve the name, then direct packets to the IP. DNS is often slower and can take seconds to resolve, whereas the timeouts for RADIUS can often occur first.

A good way to get around this is to use anycast-like addressing (works well for UDP services). Several hosts with the same IP, most specific is the one that wins in any given case.

This doesn't work as well in a LAN, but you can at least specify several RADIUS hosts by IP for redundancy in that case.
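The redundancy suggested in the answer above, as an added example that is not part of the original thread: two RADIUS servers specified by IP, with timeout, retransmit and dead-time values set so the switch fails over quickly. The addresses (RFC 5737 documentation range), the key placeholder and the timer values are assumptions for illustration.

```cisco
! Added example; addresses, key and timer values are placeholders.
aaa new-model
!
! Servers are tried in the order they are configured.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key EXAMPLE-SHARED-SECRET
radius-server host 192.0.2.11 auth-port 1812 acct-port 1813 key EXAMPLE-SHARED-SECRET
!
! Seconds to wait for a reply before retransmitting.
radius-server timeout 3
! Retransmissions per server before moving to the next one.
radius-server retransmit 2
! Minutes an unresponsive server is skipped before being tried again.
radius-server deadtime 5
!
aaa authentication dot1x default group radius
```

With these values an unreachable first server costs roughly nine seconds (one attempt plus two retransmits at three seconds each) before the second is tried, after which the dead server is skipped for five minutes.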
