How "radius-server deadtime" works?

limtohsoon · ‎08-11-2008

Hi,

I have the following config on a C10K:

!

aaa group server radius RADIUS_AUTH

server 1.1.1.221 auth-port 8081 acct-port 8082

server 1.1.1.222 auth-port 8081 acct-port 8082

!

radius-server retransmit 2

radius-server timeout 3

radius-server deadtime 120

!

"radius-server dead-criteria" is not explicitly configured. In this case, how would the dead criteria be computed?

I observed the following logs:

Aug 1 12:28:19.270 MYT: %RADIUS-4-RADIUS_ALIVE: RADIUS server 1.1.1.221:8081,8082 is being marked alive.

Aug 1 12:28:49.626 MYT: %RADIUS-4-RADIUS_DEAD: RADIUS server 1.1.1.221:8081,8082 is not responding.

Aug 1 14:28:49.308 MYT: %RADIUS-4-RADIUS_ALIVE: RADIUS server 1.1.1.221:8081,8082 is being marked alive.

Aug 1 14:29:22.496 MYT: %RADIUS-4-RADIUS_DEAD: RADIUS server 1.1.1.221:8081,8082 is not responding.

Aug 1 15:54:50.118 MYT: %RADIUS-4-RADIUS_DEAD: RADIUS server 1.1.1.222:8081,8082 is not responding.

Aug 1 15:55:06.903 MYT: %RADIUS-3-ALLDEADSERVER: Group RADIUS_AUTH: No active radius servers found. Id 216.

Aug 1 15:55:23.067 MYT: %RADIUS-6-SERVERALIVE: Group RADIUS_AUTH: Radius server 1.1.1.222:8081,8082 is responding again (previously dead).

Aug 1 15:55:23.067 MYT: %RADIUS-4-RADIUS_ALIVE: RADIUS server 1.1.1.222:8081,8082 is being marked alive.

Aug 1 16:29:22.606 MYT: %RADIUS-4-RADIUS_ALIVE: RADIUS server 1.1.1.221:8081,8082 is being marked alive.

Aug 1 16:29:53.670 MYT: %RADIUS-4-RADIUS_DEAD: RADIUS server 1.1.1.221:8081,8082 is not responding.

Aug 1 18:29:53.064 MYT: %RADIUS-4-RADIUS_ALIVE: RADIUS server 1.1.1.221:8081,8082 is being marked alive.

Aug 1 18:30:24.057 MYT: %RADIUS-4-RADIUS_DEAD: RADIUS server 1.1.1.221:8081,8082 is not responding.

Aug 1 20:30:24.169 MYT: %RADIUS-4-RADIUS_ALIVE: RADIUS server 1.1.1.221:8081,8082 is being marked alive.

Aug 1 20:30:57.233 MYT: %RADIUS-4-RADIUS_DEAD: RADIUS server 1.1.1.221:8081,8082 is not responding.

Aug 1 22:30:57.343 MYT: %RADIUS-4-RADIUS_ALIVE: RADIUS server 1.1.1.221:8081,8082 is being marked alive.

Aug 1 22:31:37.112 MYT: %RADIUS-4-RADIUS_DEAD: RADIUS server 1.1.1.221:8081,8082 is not responding.

Aug 2 00:31:37.222 MYT: %RADIUS-4-RADIUS_ALIVE: RADIUS server 1.1.1.221:8081,8082 is being marked alive.

Aug 2 00:32:13.606 MYT: %RADIUS-4-RADIUS_DEAD: RADIUS server 1.1.1.221:8081,8082 is not responding.

Aug 2 02:32:13.727 MYT: %RADIUS-4-RADIUS_ALIVE: RADIUS server 1.1.1.221:8081,8082 is being marked alive.

Aug 2 02:32:52.136 MYT: %RADIUS-4-RADIUS_DEAD: RADIUS server 1.1.1.221:8081,8082 is not responding.

Aug 2 04:32:52.009 MYT: %RADIUS-4-RADIUS_ALIVE: RADIUS server 1.1.1.221:8081,8082 is being marked alive.

Aug 2 04:33:22.157 MYT: %RADIUS-4-RADIUS_DEAD: RADIUS server 1.1.1.221:8081,8082 is not responding.

Aug 2 06:33:22.267 MYT: %RADIUS-4-RADIUS_ALIVE: RADIUS server 1.1.1.221:8081,8082 is being marked alive.

Aug 2 06:33:56.787 MYT: %RADIUS-4-RADIUS_DEAD: RADIUS server 1.1.1.221:8081,8082 is not responding.

Aug 2 08:33:56.285 MYT: %RADIUS-4-RADIUS_ALIVE: RADIUS server 1.1.1.221:8081,8082 is being marked alive.

Aug 2 08:34:24.321 MYT: %RADIUS-4-RADIUS_DEAD: RADIUS server 1.1.1.221:8081,8082 is not responding.

Aug 2 10:34:24.430 MYT: %RADIUS-4-RADIUS_ALIVE: RADIUS server 1.1.1.221:8081,8082 is being marked alive.

Aug 2 10:34:53.550 MYT: %RADIUS-4-RADIUS_DEAD: RADIUS server 1.1.1.221:8081,8082 is not responding.

My analysis:

1. RADIUS server 1.1.1.221 is being marked alive after two hours of it being marked dead, due to the "radius-server deadtime 120" command.

2. At 15:55:06.903, both RADIUS servers are marked dead. So no active RADIUS servers are found in the group. But immediately after this (at 15:55:23.067), RADIUS server 1.1.1.222 is being marked alive.

Based on the logs, it seems like if all servers in the RADIUS group are marked dead, IOS will immediately try one of the servers again. Please correct me if I'm wrong.

Thank you.

B.Rgds,

Lim TS