Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASR9000 - BNG - Radius server quarantined

Hi,

I have a problem with my BNG. 

I have a server group with two radius servers. Both servers are up but the BNG don't send any request to only one server.

Load balance is configured.

With the command "show radius". I see that one of the server (the one which never receives requests) is marked as "Quarantined". 

What does it mean ? I don't find any doc about this.

How do I clear this quarantined status ?

Thanks for your help.

David

Everyone's tags (3)
2 REPLIES
Cisco Employee

Davidmay you please past

David

may you please past following display here ?

sh radius

sh run aaa

sh install summ

 

BR/roy

New Member

Hi Roy,Thanks for replying. I

Hi Roy,

Thanks for replying. 

I finally remove the Quarantined status from the BNG by removing the impacted radius server from the config and re-configuring it again. Now the radius are not in quarantine anymore.

But I would be to understand what appended, why means this "quarantine" and the proper way to clear it.

 

You will see below the output of the requested show. (I have replaced some private infos by ****).

The server that went in Quarantine was the ***.***.***.172

*************************************************************************************
RP/0/RSP1/CPU0:NFR-HVBU-BNG01#show run aaa
Wed Apr 30 08:33:34.439 CEST
radius source-interface Loopback200 vrf data
radius-server host ***.***.***.6 auth-port **** acct-port ****
 key 7 ****
!
radius-server host ***.***.***.171 auth-port **** acct-port ****
 key 7 ****
!
radius-server host ***.***.***.172 auth-port **** acct-port ****
 key 7 ****
!
!Radius-server ip address and auth, acct port details 
!GroupE radius-server host-address and port
radius-server ipv4 dscp af41
radius-server timeout 10
radius-server deadtime 10
radius-server disallow null-username
aaa server radius dynamic-author
 port 1700
 client ***.***.***.6 vrf data
  server-key 7 ****
 !
!
radius-server throttle access 10 access-timeout 5 accounting 10
radius-server retransmit 5
radius-server source-port extended
radius-server load-balance method least-outstanding batch-size 25 ignore-preferred-server
radius-server dead-criteria tries 4
 
aaa attribute format MY_AUTH_1
 circuit-id
!
aaa attribute format NAS_PORT_FORMAT
 circuit-id
!
aaa radius attribute nas-port-id format NAS_PORT_FORMAT
aaa group server radius GRE_RADIUS
 server ***.***.***.6 auth-port **** acct-port ****
 vrf data
!
aaa group server radius RADIUS_****
 server ***.***.***.171 auth-port **** acct-port ****
 server ***.***.***.172 auth-port **** acct-port ****
 vrf OOBMGMT
 load-balance method least-outstanding batch-size 25 ignore-preferred-server
 source-interface Loopback1
!
aaa accounting subscriber AAA_SUB group RADIUS_****
aaa accounting subscriber default group GRE_RADIUS
aaa authorization subscriber AAA_SUB group RADIUS_****
aaa authorization subscriber default group GRE_RADIUS
aaa authentication subscriber AAA_SUB group RADIUS_****
aaa authentication subscriber default group GRE_RADIUS
 
**************************************************************************************************
RP/0/RSP1/CPU0:NFR-HVBU-BNG01#sh radius
Wed Apr 30 08:36:25.200 CEST
Global dead time: 10 minute(s)
Number of Servers:3
Number of request with Invalid username droped:479
 
Server: ***.***.***.6/****/****  is UP
  Total Deadtime: 7814s Last Deadtime: 601s 
  Timeout: 10 sec, Retransmit limit: 5
  Quarantined: No 
  Authentication:
    32 requests, 0 pending, 0 retransmits
    32 accepts, 0 rejects, 0 challenges
    0 timeouts, 0 bad responses, 0 bad authenticators
    0 unknown types, 0 dropped, 112 ms latest rtt
    Throttled: 0 transactions, 0 timeout, 0 failures
    Estimated Throttled Access Transactions: 0 
    Maximum Throttled Access Transactions: 0 
 
    Automated TEST Stats:
        0 requests, 0 timeouts, 0 response, 0 pending
  Accounting:
    42528 requests, 0 pending, 2 retransmits
    42528 responses, 2 timeouts, 0 bad responses
    0 bad authenticators, 0 unknown types, 0 dropped
    4 ms latest rtt
    Throttled: 0 transactions, 0 timeout, 0 failures
    Estimated Throttled Accounting Transactions: 0 
    Maximum Throttled Accounting Transactions: 0
 
    Automated TEST Stats:
        0 requests, 0 timeouts, 0 response, 0 pending
 
Server: ***.***.***.171/****/****  is UP
  Total Deadtime: 23565s Last Deadtime: 601s 
  Timeout: 10 sec, Retransmit limit: 5
  Quarantined: No 
  Authentication:
    6 requests, 0 pending, 0 retransmits
    6 accepts, 0 rejects, 0 challenges
    0 timeouts, 0 bad responses, 0 bad authenticators
    0 unknown types, 0 dropped, 2 ms latest rtt
    Throttled: 0 transactions, 0 timeout, 0 failures
    Estimated Throttled Access Transactions: 0 
    Maximum Throttled Access Transactions: 0 
 
    Automated TEST Stats:
        0 requests, 0 timeouts, 0 response, 0 pending
  Accounting:
    1525 requests, 0 pending, 27 retransmits
    1504 responses, 48 timeouts, 0 bad responses
    0 bad authenticators, 0 unknown types, 0 dropped
    2 ms latest rtt
    Throttled: 0 transactions, 0 timeout, 0 failures
    Estimated Throttled Accounting Transactions: 0 
    Maximum Throttled Accounting Transactions: 0
 
    Automated TEST Stats:
        0 requests, 0 timeouts, 0 response, 0 pending
 
Server: ***.***.***.172/****/****  is UP
  Total Deadtime: 601s Last Deadtime: 601s 
  Timeout: 10 sec, Retransmit limit: 5
  Quarantined: No           ------> WAS PREVIOUSLY Yes / And no requests was sent to this server
  Authentication:
    0 requests, 0 pending, 0 retransmits
    0 accepts, 0 rejects, 0 challenges
    0 timeouts, 0 bad responses, 0 bad authenticators
    0 unknown types, 0 dropped, 0 ms latest rtt
    Throttled: 0 transactions, 0 timeout, 0 failures
    Estimated Throttled Access Transactions: 0 
    Maximum Throttled Access Transactions: 0 
 
    Automated TEST Stats:
        0 requests, 0 timeouts, 0 response, 0 pending
  Accounting:
    1475 requests, 0 pending, 3 retransmits
    1474 responses, 4 timeouts, 0 bad responses
    0 bad authenticators, 0 unknown types, 0 dropped
    3 ms latest rtt
    Throttled: 0 transactions, 0 timeout, 0 failures
    Estimated Throttled Accounting Transactions: 0 
    Maximum Throttled Accounting Transactions: 0
 
    Automated TEST Stats:
        0 requests, 0 timeouts, 0 response, 0 pending
 
*******************************************************************************
RP/0/RSP1/CPU0:NFR-HVBU-BNG01#sh install sum
Wed Apr 30 08:41:19.007 CEST
Default Profile:
  SDRs:
    Owner
  Active Packages:
    disk0:asr9k-9000v-nV-px-4.3.4
    disk0:asr9k-doc-px-4.3.4
    disk0:asr9k-fpd-px-4.3.4
    disk0:asr9k-k9sec-px-4.3.4
    disk0:asr9k-mcast-px-4.3.4
    disk0:asr9k-mgbl-px-4.3.4
    disk0:asr9k-mini-px-4.3.4
    disk0:asr9k-mpls-px-4.3.4
    disk0:asr9k-optic-px-4.3.4
    disk0:asr9k-services-px-4.3.4
    disk0:asr9k-video-px-4.3.4
    disk0:asr9k-bng-px-4.3.4
  Inactive Packages:
    No packages.
  Committed Packages:
    disk0:asr9k-9000v-nV-px-4.3.4
    disk0:asr9k-doc-px-4.3.4
    disk0:asr9k-fpd-px-4.3.4
    disk0:asr9k-k9sec-px-4.3.4
    disk0:asr9k-mcast-px-4.3.4
    disk0:asr9k-mgbl-px-4.3.4
    disk0:asr9k-mini-px-4.3.4
    disk0:asr9k-mpls-px-4.3.4
    disk0:asr9k-optic-px-4.3.4
    disk0:asr9k-services-px-4.3.4
    disk0:asr9k-video-px-4.3.4
    disk0:asr9k-bng-px-4.3.4
  Superceded Packages:
    No packages.
231
Views
0
Helpful
2
Replies