Cisco ACE 20 - sticky radius attribute not working

Zarahelll · ‎06-03-2013

Hello to you all

I need your help. I´m trying to create a sticky group applied to my auth serverfarm based on the calling-station-id attribute, but for some reason when I apply the configs, I get not replies from my rservers. I´ve checked the radius servers, and no packets are getting to them. For some reason, when I create the sticky group the ACE 20 doesn´t distribute the traffic at all.

The service-policy is inservice, all the rservers are operational, but there´s no replies to my authentication requests, and no entries in the sticky database.

My current configs:

ADMIN context:

resource-class RADIUS-STICKY

limit-resource all minimum 0.00 maximum unlimited

limit-resource sticky minimum 10.00 maximum unlimited

context context-radius

member RADIUS-STICKY

CONTEXT-RADIUS context:

serverfarm host RADIUS-AUTH

predictor leastconns

probe RADIUS-PROBE-AUTH

rserver RADIUS-01

inservice

rserver RADIUS-02

inservice

rserver RADIUS-03

inservice

sticky radius framed-ip calling-station-id RADIUS-AUTH

serverfarm RADIUS-AUTH

timeout 5

policy-map type loadbalance first-match RADIUS-AUTH

class class-default

sticky-serverfarm RADIUS-AUTH

Am I missing anything?

Best wishes

Zarahelll · ‎06-03-2013

I figured it out

The loadbalance policy-map has to be set has a L7 Radius policy map:

policy-map type loadbalance radius first-match RADIUS-AUTH

class class-default

sticky-serverfarm RADIUS-AUTH

It now inspects the Radius packets and is able to apply stickiness.