https://community.cisco.com/t5/network-access-control/802-1x-multi-server-radius/m-p/4488701#M570510 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1263942">@m.humbert</a>&nbsp;- Yes. Like&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a>&nbsp;said, you can list those in a group and used the group name in your aaa statements. The first in the list is the active one; if down,&nbsp; the switch try the next and so on.</P><P>On some platforms, it could&nbsp; look like this:</P><P>&nbsp;</P><P>service password-encryption</P><P>aaa group server radius "ISE_Group_Name"<BR />server-private "IP_ISE1" auth-port 1812 acct-port 1813 key "Radius_Key"<BR />server-private "IP_ISE2" auth-port 1812 acct-port 1813 key "Radius_Key"<BR /><BR /></P><P>aaa authentication dot1x default group "ISE_Group_Name"<BR />aaa authorization network default group "ISE_Group_Name"<BR />aaa accounting dot1x default start-stop group "ISE_Group_Name"</P><P>&nbsp;</P> Tue, 19 Oct 2021 17:15:12 GMT Pat Pouna 2021-10-19T17:15:12Z https://community.cisco.com/t5/network-access-control/802-1x-multi-server-radius/m-p/4488535#M570504 <P>Hi everyone,</P><P>i'm working on project to deploy 802.1X security on all my L2 switches on our HQ. this part is the first step but we plan to deploy this security on all L2 switches of remote site (Branch office, shop, warehouse..)</P><P>- we are using NPS from Win2016 Std</P><P>i would like to know if it possible to setup two Radius server for dot1x authentication on switches? (redondancy purpose) like you can setup two dhcp server.</P><P>So if the first radius down, the switch try to reach the second one....</P><P>&nbsp;</P> Tue, 19 Oct 2021 13:36:23 GMT https://community.cisco.com/t5/network-access-control/802-1x-multi-server-radius/m-p/4488535#M570504 m.humbert 2021-10-19T13:36:23Z https://community.cisco.com/t5/network-access-control/802-1x-multi-server-radius/m-p/4488542#M570505 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1263942">@m.humbert</a>&nbsp;yes you can, setup 2 radius servers and add them to a aaa group, reference the group in the aaa authentication command.</P> <P>&nbsp;</P> <PRE>radius server ISE-1 <BR />address ipv4 192.168.10.10 auth-port 1812 acct-port 1813 <BR />automate-tester username switch-probe ignore-acct-port probe-on <BR />key XXXXXXXX <BR />! <BR />radius server ISE-2 <BR />address ipv4 192.168.10.11 auth-port 1812 acct-port 1813 <BR />automate-tester username switch-probe ignore-acct-port probe-on <BR />key XXXXXXXX <BR />! <BR />aaa group server radius ISE-RADIUS <BR />server name ISE-1 <BR />server name ISE-2<BR />!<BR />aaa authentication dot1x default group ISE-RADIUS</PRE> <P>&nbsp;</P> Tue, 19 Oct 2021 13:51:30 GMT https://community.cisco.com/t5/network-access-control/802-1x-multi-server-radius/m-p/4488542#M570505 Rob Ingram 2021-10-19T13:51:30Z https://community.cisco.com/t5/network-access-control/802-1x-multi-server-radius/m-p/4488701#M570510 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1263942">@m.humbert</a>&nbsp;- Yes. Like&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a>&nbsp;said, you can list those in a group and used the group name in your aaa statements. The first in the list is the active one; if down,&nbsp; the switch try the next and so on.</P><P>On some platforms, it could&nbsp; look like this:</P><P>&nbsp;</P><P>service password-encryption</P><P>aaa group server radius "ISE_Group_Name"<BR />server-private "IP_ISE1" auth-port 1812 acct-port 1813 key "Radius_Key"<BR />server-private "IP_ISE2" auth-port 1812 acct-port 1813 key "Radius_Key"<BR /><BR /></P><P>aaa authentication dot1x default group "ISE_Group_Name"<BR />aaa authorization network default group "ISE_Group_Name"<BR />aaa accounting dot1x default start-stop group "ISE_Group_Name"</P><P>&nbsp;</P> Tue, 19 Oct 2021 17:15:12 GMT https://community.cisco.com/t5/network-access-control/802-1x-multi-server-radius/m-p/4488701#M570510 Pat Pouna 2021-10-19T17:15:12Z https://community.cisco.com/t5/network-access-control/802-1x-multi-server-radius/m-p/4489048#M570522 <P>Hi Rob,</P><P>many thanks for your help !</P><P>i had some trouble with other option but i finished to make it works <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>have nice day !</P> Wed, 20 Oct 2021 08:51:24 GMT https://community.cisco.com/t5/network-access-control/802-1x-multi-server-radius/m-p/4489048#M570522 m.humbert 2021-10-20T08:51:24Z