02-22-2007 03:02 PM
I am trying to use a server farm to get radius authentication/authorization and would like to get some comments. I have not found any related documentation in this case or at least using the CSM.
Does the attached configuration take sense?
I appreciated.
Jose
02-28-2007 12:27 PM
Kindly refer the following url for more information,
02-28-2007 07:42 PM
CSM does NOT have specific support for radius LB.
The CSM can only support radius LB at L4, but there's no support for stickiness based on application-specific information.
Simple Answer: yes you can do it, but you need to tackle it at layer 4.
With loadbalancing radius, you also need to make sure that subsequent traffic should also hit the same radius server
Your config should look like
!
vlan 232 server
ip address 172.22.9.4 255.255.255.0
gateway 172.22.9.1
alias 172.22.9.6 255.255.255.0!!
!PROBES !
probe RADIUS-ACT-PROBE udp
interval 15
retries 2
failed 2
port 1812
probe RADIUS-AUTHE-PROBE udp
interval 15
retries 2
failed 2
port 1813
!! serverfarm !
serverfarm RADIUS
nat server
no nat client
real 172.22.1.130
inservice
probe RADIUS-ACT-PROBE
probe RADIUS-AUTHE-PROBE!!
!! Sticky configuration!
Sticky 19 netmask 255.255.255.255 address source
! Virtual servers !
vserver RADIUS-ACT
virtual 172.20.2.12 any
sticky 30 group 19
serverfarm RADIUS
inservice
!
Hope it helps
Syed I Ahmed
03-01-2007 12:27 AM
Many Thanks Syed by your help and explanations. My customer does not want to make load balancing. He really wants to maintain a unique radius server, but tied to the CPD considered primary.
Greetings.
Jose
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: