I have dilemma that I need to send Radius accounting info to two different servers for dot1x authentication. The following is the relevent config. However the switch is only sending one copy to the first server in the server group...
aaa group server radius Acct
server 172.17.1.1 auth-port 1812 acct-port 1813
server 172.17.1.2 auth-port 1812 acct-port 1813
aaa accounting dot1x default start-stop broadcast group Acct
radius-server host 172.17.1.1 auth-port 1812 acct-port 1813 key xxxxxx
radius-server host 172.17.1.2 auth-port 1812 acct-port 1813 key xxxxxx
Is it possible to send two copies to two different servers? I tried the keyword "broadcast" in the aaa accounting command but it doesn't make a difference. What does it do? I can't find it in the manual...
You need to create two aaa server groups to make it work. Enables sending accounting records to multiple AAA servers. Simultaneously sends accounting records to the first server in each group. If the first server is unavailable, failover occurs using the backup servers defined within that group.
Configuring AAA Broadcast Accounting
The following example shows turning on broadcast accounting using the global aaa accounting command:
aaa group server radius isp
aaa group server radius isp_customer
aaa accounting network default start-stop broadcast group isp group isp_customer
radius-server host 22.214.171.124
radius-server host 126.96.36.199
radius-server key key1
radius-server host 188.8.131.52 key key2
The broadcast keyword causes start and stop accounting records for dot1x connections to be sent simultaneously to server 184.108.40.206 in the group isp and to server 220.127.116.11 in the group isp_customer. If server 18.104.22.168 is unavailable, fail over to server 22.214.171.124 occurs. If server 126.96.36.199 is unavailable, no fail over occurs because backup servers are not configured for the group isp_customer.
Do rate helpful posts