Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3015
Views
1
Helpful
2
Replies

Is it possible to send Radius accounting packets to two different servers?

Go to solution
Difan Zhao
Level 5
Level 5

‎09-16-2010 05:52 PM - edited ‎03-10-2019 05:24 PM

Hi experts!

I have dilemma that I need to send Radius accounting info to two different servers for dot1x authentication. The following is the relevent config. However the switch is only sending one copy to the first server in the server group...

aaa group server radius Acct
server 172.17.1.1 auth-port 1812 acct-port 1813
server 172.17.1.2 auth-port 1812 acct-port 1813

aaa accounting dot1x default start-stop broadcast group Acct


radius-server host 172.17.1.1 auth-port 1812 acct-port 1813 key xxxxxx
radius-server host 172.17.1.2 auth-port 1812 acct-port 1813 key xxxxxx

Is it possible to send two copies to two different servers? I tried the keyword "broadcast" in the aaa accounting command but it doesn't make a difference. What does it do? I can't find it in the manual...

Thanks!

Difan

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jagdeep Gambhir
Level 10
Level 10

‎09-17-2010 02:23 AM

Difan,

You need to create two aaa server groups to make it work. Enables sending accounting records to multiple AAA servers.  Simultaneously sends accounting records to the first server in each  group. If the first server is unavailable, failover occurs using the  backup servers defined within that group.


Configuring AAA Broadcast Accounting
The following example shows turning on broadcast accounting using the global aaa accounting command:

aaa group server radius isp
server 1.0.0.1
server 1.0.0.2

aaa group server radius isp_customer
server 3.0.0.1

aaa accounting network default start-stop broadcast group isp group isp_customer

radius-server host 1.0.0.1
radius-server host 1.0.0.2
radius-server key key1
radius-server host 3.0.0.1 key key2

The broadcast keyword causes start and stop accounting records for dot1x connections to be sent simultaneously to server 1.0.0.1 in the group isp and to server 3.0.0.1 in the group isp_customer. If server 1.0.0.1 is unavailable, fail over to server 1.0.0.2 occurs. If server 3.0.0.1 is unavailable, no fail over occurs because backup servers are not configured for the group isp_customer.


Regards,

~JG


Do rate helpful posts

View solution in original post

2 Replies 2

Go to solution
Jagdeep Gambhir
Level 10
Level 10

‎09-17-2010 02:23 AM

Difan,

You need to create two aaa server groups to make it work. Enables sending accounting records to multiple AAA servers.  Simultaneously sends accounting records to the first server in each  group. If the first server is unavailable, failover occurs using the  backup servers defined within that group.


Configuring AAA Broadcast Accounting
The following example shows turning on broadcast accounting using the global aaa accounting command:

aaa group server radius isp
server 1.0.0.1
server 1.0.0.2

aaa group server radius isp_customer
server 3.0.0.1

aaa accounting network default start-stop broadcast group isp group isp_customer

radius-server host 1.0.0.1
radius-server host 1.0.0.2
radius-server key key1
radius-server host 3.0.0.1 key key2

The broadcast keyword causes start and stop accounting records for dot1x connections to be sent simultaneously to server 1.0.0.1 in the group isp and to server 3.0.0.1 in the group isp_customer. If server 1.0.0.1 is unavailable, fail over to server 1.0.0.2 occurs. If server 3.0.0.1 is unavailable, no fail over occurs because backup servers are not configured for the group isp_customer.


Regards,

~JG


Do rate helpful posts

Go to solution
Difan Zhao
Level 5
Level 5
In response to Jagdeep Gambhir

‎09-17-2010 02:59 PM

This is the reply I must rate! Thanks a lot JG!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents