Re: Farm server for radius

jose.velasco · ‎02-22-2007

I am trying to use a server farm to get radius authentication/authorization and would like to get some comments. I have not found any related documentation in this case or at least using the CSM.

Does the attached configuration take sense?

I appreciated.

Jose

dsweeny · ‎02-28-2007

Kindly refer the following url for more information,

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_installation_and_configuration_guides_list.html

Syed Iftekhar Ahmed · ‎02-28-2007

CSM does NOT have specific support for radius LB.

The CSM can only support radius LB at L4, but there's no support for stickiness based on application-specific information.

Simple Answer: yes you can do it, but you need to tackle it at layer 4.

With loadbalancing radius, you also need to make sure that subsequent traffic should also hit the same radius server

Your config should look like

!

vlan 232 server

ip address 172.22.9.4 255.255.255.0

gateway 172.22.9.1

alias 172.22.9.6 255.255.255.0!!

!PROBES !

probe RADIUS-ACT-PROBE udp

interval 15

retries 2

failed 2

port 1812

probe RADIUS-AUTHE-PROBE udp

interval 15

retries 2

failed 2

port 1813

!! serverfarm !

serverfarm RADIUS

nat server

no nat client

real 172.22.1.130

inservice

probe RADIUS-ACT-PROBE

probe RADIUS-AUTHE-PROBE!!

!! Sticky configuration!

Sticky 19 netmask 255.255.255.255 address source

! Virtual servers !

vserver RADIUS-ACT

virtual 172.20.2.12 any

sticky 30 group 19

serverfarm RADIUS

inservice

!

Hope it helps

Syed I Ahmed

jose.velasco · ‎03-01-2007

Many Thanks Syed by your help and explanations. My customer does not want to make load balancing. He really wants to maintain a unique radius server, but tied to the CPD considered primary.

Greetings.

Jose