I have dilemma that I need to send Radius accounting info to two different servers for dot1x authentication. The following is the relevent config. However the switch is only sending one copy to the first server in the server group...
aaa group server radius Acct
server 172.17.1.1 auth-port 1812 acct-port 1813
server 172.17.1.2 auth-port 1812 acct-port 1813
aaa accounting dot1x default start-stop broadcast group Acct
radius-server host 172.17.1.1 auth-port 1812 acct-port 1813 key xxxxxx
radius-server host 172.17.1.2 auth-port 1812 acct-port 1813 key xxxxxx
Is it possible to send two copies to two different servers? I tried the keyword "broadcast" in the aaa accounting command but it doesn't make a difference. What does it do? I can't find it in the manual...
You need to create two aaa server groups to make it work. Enables sending accounting records to multiple AAA servers. Simultaneously sends accounting records to the first server in each group. If the first server is unavailable, failover occurs using the backup servers defined within that group.
Configuring AAA Broadcast Accounting
The following example shows turning on broadcast accounting using the global aaa accounting command:
aaa group server radius isp
aaa group server radius isp_customer
aaa accounting network default start-stop broadcast group isp group isp_customer
radius-server host 188.8.131.52
radius-server host 184.108.40.206
radius-server key key1
radius-server host 220.127.116.11 key key2
The broadcast keyword causes start and stop accounting records for dot1x connections to be sent simultaneously to server 18.104.22.168 in the group isp and to server 22.214.171.124 in the group isp_customer. If server 126.96.36.199 is unavailable, fail over to server 188.8.131.52 occurs. If server 184.108.40.206 is unavailable, no fail over occurs because backup servers are not configured for the group isp_customer.
Do rate helpful posts