I have the primary Radius server working just fine but when I stop the primary Radius server the backup radius server does not work, it fails over to the local password. I have included the config, does anybody have any idea why it won't fail over to the second radius server?
Thank you for your help
aaa authentication login default group radius enable
What you have posted looks fine. I do not see a problem so far.
There are several ways that we can investigate this problem. You can choose to do one at a time or to try to do several in parallel:
- you can check on the backup server and see if it is receiving the request from the router. If the backup server did see the request does it think that it responded to it?
- you can check and verify that the backup router has the same definition of the router as client that the primary server does.
- you can run debug on the router and see what the router says about the primary and whether it is attempting to get to the backup server.
I do not know if it is the same thing, but I had a situation a while back that sounds quite similar to your issue. In our situation something on the server was still running but it would not authenticate. It was sending a particular error code back to the router (I do not remember quite what it was) and the router did not treat that as something that would trigger failover to the backup server and it did local authentication. We saw that clearly in the debugs on the router. So how did you fail your primary server? Was it powered down, was the network cable unplugged, was some service stopped, or what?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...