how to set two radius servers one is window NPS another is cisco radius server

martlee2 — Tue, 26 Mar 2019 00:32:54 GMT

when i try the following command, once window priority is first , i type cisco radius user name, it authenticated fail

i can not use both at the same time

radius-server host 192.168.1.3 is window NPS

radius-server host 192.168.1.1 is cisco radius

http://blog.skufel.net/2012/06/how-to-integrating-cisco-devices-access-with-microsoft-npsradius/

conf t
no aaa authentication login default line
no aaa authentication login local group radius
no aaa authorization exec default group radius if-authenticated
no aaa authorization network default group radius
no aaa accounting connection default start-stop group radius

aaa new-model
!
aaa group server radius IAS
server 192.168.1.1 auth-port 1812 acct-port 1813
server 192.168.1.3 auth-port 1812 acct-port 1813

!
aaa authentication login userAuthentication local group IAS
aaa authorization exec userAuthorization local group IAS if-authenticated
aaa authorization network userAuthorization local group IAS
aaa accounting exec default start-stop group IAS
aaa accounting system default start-stop group IAS
!
aaa session-id common
radius-server host 192.168.1.1 auth-port 1812 acct-port 1813
radius-server host 192.168.1.2 auth-port 1812 acct-port 1813
radius-server host 192.168.1.3 auth-port 1645 acct-port 1646
radius-server host 192.168.1.3 auth-port 1812 acct-port 1813
!
privilege exec level 1 show config
!
ip radius source-interface Gi0/1
!
line vty 0 4
authorization exec userAuthorization
login authentication userAuthentication
transport input telnet
!
line vty 5 15
authorization exec userAuthorization
login authentication userAuthentication
transport input telnet
end

conf t
aaa group server radius IAS
server 192.168.1.3 auth-port 1812 acct-port 1813
server 192.168.1.1 auth-port 1812 acct-port 1813
end

The first AAA server listed

nspasov — Sat, 21 Mar 2015 01:52:51 GMT

The first AAA server listed in your config will always be used unless/until it becomes unavailable. At that point the NAD would move down to the next AAA server defined on the list and use that one until it becomes unavailable and then move to third one, and so on.

If you want to use two AAA servers at the same time then you will need to put a load balancer in front of them. Then the virtual IP (vip) will be listed in the NADs vs the individual AAA servers' IPs.

I hope this helps!

Thank you for rating helpful posts!

topic how to set two radius servers one is window NPS another is cisco radius server in Network Access Control

how to set two radius servers one is window NPS another is cisco radius server

The first AAA server listed