Is it possible to send Radius accounting packets to two different servers?

Answered Question
Sep 16th, 2010

Hi experts!

I have a dilemma: I need to send RADIUS accounting info to two different servers for dot1x authentication. The following is the relevant config. However, the switch is only sending one copy to the first server in the server group...

aaa group server radius Acct
 server 172.17.1.1 auth-port 1812 acct-port 1813
 server 172.17.1.2 auth-port 1812 acct-port 1813

aaa accounting dot1x default start-stop broadcast group Acct


radius-server host 172.17.1.1 auth-port 1812 acct-port 1813 key xxxxxx
radius-server host 172.17.1.2 auth-port 1812 acct-port 1813 key xxxxxx

Is it possible to send two copies to two different servers? I tried the keyword "broadcast" in the aaa accounting command but it doesn't make a difference. What does it do? I can't find it in the manual...

Thanks!

Difan

Correct Answer by Jagdeep Gambhir about 6 years 2 months ago

Difan,

You need to create two AAA server groups to make it work. The broadcast keyword enables sending accounting records to multiple AAA servers: it simultaneously sends accounting records to the first server in each group. If the first server is unavailable, failover occurs using the backup servers defined within that group.


Configuring AAA Broadcast Accounting
The following example shows turning on broadcast accounting using the global aaa accounting command:

aaa group server radius isp
 server 1.0.0.1
 server 1.0.0.2

aaa group server radius isp_customer
 server 3.0.0.1

aaa accounting network default start-stop broadcast group isp group isp_customer

radius-server host 1.0.0.1
radius-server host 1.0.0.2
radius-server key key1
radius-server host 3.0.0.1 key key2

The broadcast keyword causes start and stop accounting records for dot1x connections to be sent simultaneously to server 1.0.0.1 in the group isp and to server 3.0.0.1 in the group isp_customer. If server 1.0.0.1 is unavailable, failover to server 1.0.0.2 occurs. If server 3.0.0.1 is unavailable, no failover occurs because backup servers are not configured for the group isp_customer.


Regards,

~JG


Do rate helpful posts

Overall Rating: 5 (1 ratings)
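
Added example, not part of the original thread and not Cisco code: a small Python model of the delivery rule described in the answer (one copy per group, failover only inside a group), run against the configuration from the question and against a constructed two-group variant. The group names Acct1 and Acct2, and the rule that without broadcast only the first group that answers is used, are assumptions of this sketch.

```python
import re

def parse(config):
    """Return (groups, method_groups, broadcast) from IOS-style AAA lines."""
    groups, current, methods, broadcast = {}, None, [], False
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"aaa group server radius (\S+)", line)
        if m:
            current = groups.setdefault(m.group(1), [])
        elif line.startswith("server ") and current is not None:
            current.append(line.split()[1])
        elif line.startswith("aaa accounting "):
            broadcast = " broadcast " in f" {line} "
            methods = re.findall(r"group (\S+)", line)
            current = None
        elif line:
            current = None
    return groups, methods, broadcast

def recipients(config, down=()):
    """Servers that receive a copy of one accounting record."""
    groups, methods, broadcast = parse(config)
    out = []
    for name in methods:
        # Inside a group the servers are failover targets, not extra recipients.
        alive = [s for s in groups.get(name, []) if s not in down]
        if alive:
            out.append(alive[0])
            if not broadcast:
                break  # assumption: without broadcast, first answering group wins
    return out

ONE_GROUP = """
aaa group server radius Acct
 server 172.17.1.1 auth-port 1812 acct-port 1813
 server 172.17.1.2 auth-port 1812 acct-port 1813
aaa accounting dot1x default start-stop broadcast group Acct
"""  # configuration from the question
TWO_GROUPS = """
aaa group server radius Acct1
 server 172.17.1.1 auth-port 1812 acct-port 1813
aaa group server radius Acct2
 server 172.17.1.2 auth-port 1812 acct-port 1813
aaa accounting dot1x default start-stop broadcast group Acct1 group Acct2
"""  # constructed variant: one group per server

if __name__ == "__main__":
    print(recipients(ONE_GROUP), recipients(TWO_GROUPS))
```

With a single group the second server only sees records when the first is down, so any audit trail that must exist on both servers needs one group per server.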
Correct Answer
Jagdeep Gambhir Fri, 09/17/2010 - 02:23
