Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Backup Radius on router

I have the primary Radius server working just fine but when I stop the primary Radius server the backup radius server does not work, it fails over to the local password. I have included the config, does anybody have any idea why it won't fail over to the second radius server?

Thank you for your help

aaa new-model



aaa authentication login default group radius enable

aaa authorization exec default group radius none


aaa session-id common

radius-server host 10.0.xx.5 auth-port 1645 acct-port 1646 key 7 *****

radius-server host 10.0.xx.6 auth-port 1645 acct-port 1546 key 7 ******

Hall of Fame Super Silver

Re: Backup Radius on router


What you have posted looks fine. I do not see a problem so far.

There are several ways that we can investigate this problem. You can choose to do one at a time or to try to do several in parallel:

- you can check on the backup server and see if it is receiving the request from the router. If the backup server did see the request does it think that it responded to it?

- you can check and verify that the backup router has the same definition of the router as client that the primary server does.

- you can run debug on the router and see what the router says about the primary and whether it is attempting to get to the backup server.

I do not know if it is the same thing, but I had a situation a while back that sounds quite similar to your issue. In our situation something on the server was still running but it would not authenticate. It was sending a particular error code back to the router (I do not remember quite what it was) and the router did not treat that as something that would trigger failover to the backup server and it did local authentication. We saw that clearly in the debugs on the router. So how did you fail your primary server? Was it powered down, was the network cable unplugged, was some service stopped, or what?