Switch: radius-server host HOSTNAME problem

Hello,

Does anybody know why it is not possible to specify the radius-server host on switch IOS as a hostname? Even if there is a correct DNS record, the running-conf line is changed to an IP address. Are there any high-level arguments for suppressing this config possibility? I would like to test GSS between the authenticator (switch) and the authentication servers (enforcer group).

Thanks in advance.

Radim

Accepted Solutions

Re: Switch: radius-server host HOSTNAME problem

I believe some of it has to do with the fact that DNS takes time in and of itself, slowing down the authentication process when you first resolve the name, then direct packets to the IP. DNS is often slower and can take seconds to resolve, whereas the timeouts for RADIUS can often occur first.

A good way to get around this is to use anycast-like addressing (works well for UDP services). Several hosts with the same IP, most specific is the one that wins in any given case.

This doesn't work as well in a LAN, but you can at least specify several RADIUS hosts by IP for redundancy in that case.
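
Because the switch stores the resolved IP rather than the name, a later DNS change for a RADIUS server is not picked up by the running config. The following drift check is an added example, not part of the original thread: it compares the IPs pinned on `radius-server host` lines with what the intended names resolve to now. The config sample is constructed, and the hostnames passed to it are whatever names your own RADIUS servers use.

```python
import ipaddress
import re
import socket

# Constructed sample of the relevant running-config lines (addresses are
# documentation-range placeholders, not values from the thread).
SAMPLE_CONFIG = """\
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813
radius-server host 192.0.2.11 auth-port 1812 acct-port 1813
radius-server timeout 5
"""

HOST_LINE = re.compile(r"^\s*radius-server host (\S+)", re.MULTILINE)

def configured_radius_ips(config_text):
    """Return the IP addresses pinned on 'radius-server host' lines."""
    ips = []
    for token in HOST_LINE.findall(config_text):
        try:
            ips.append(str(ipaddress.ip_address(token)))
        except ValueError:
            pass  # not an IP literal; ignored by this check
    return ips

def system_resolver(name):
    """Resolve a name to its set of IPv4 addresses using the OS resolver."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def find_drift(config_text, intended_names, resolve=system_resolver):
    """Compare pinned IPs with what the intended names resolve to now."""
    pinned = set(configured_radius_ips(config_text))
    current, unresolved = set(), []
    for name in intended_names:
        addrs = resolve(name)
        if not addrs:
            unresolved.append(name)  # name no longer resolves at all
        current |= addrs
    return {
        "stale": sorted(pinned - current),    # on the switch, not in DNS
        "missing": sorted(current - pinned),  # in DNS, not on the switch
        "unresolved": unresolved,
    }
```

A non-empty `stale` or `missing` list means the switch and DNS disagree about where the RADIUS servers are, which is worth reviewing before authentication starts failing.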

3 REPLIES

Re: Switch: radius-server host HOSTNAME problem

Hi,

I guess the reason is security?

To prevent a possible DNS spoofing attack?

BR,

Milan

Re: Switch: radius-server host HOSTNAME problem

Thanks to both Milan and Tim for the suggestion!

R.
