cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
628
Views
0
Helpful
2
Replies

CSS11501 one arm configuration for CSACS Radius Authentication traffic

fayyaz_s
Level 1
Level 1

Is it possible to deploy the CSS11501 in one arm design to loadbalance the authentication traffic Radius across CSACS servers which is on UDP 1645 or 1812 port, is it required to configure the NAT or not, if yes how can define the shared secret in the CSS. also tell me how to configure the keepalive for udp traffic in this scenario other then default icmp keep alive

2 Replies 2

Gilles Dufour
Cisco Employee
Cisco Employee

1/ there is no udp probe.

2/ If you want to loadbalance radius traffic, you don't need to define radius on the CSS...we will just treat the traffic as udp flows.

3/ if you are in one-armed mode, you need to find a way to guarantee that response traffic goes back to the CSS...client-nat is usually the easiest solution but than the destination sees connection from a single source....another option is policy-based routing.

Gilles.

Hi Gilles,

I am having the same issue in one of my cases (with authentication done by servers for the clients). Can you send me any documents with CSS loadbalancer doing this policy based routing or can you  share any  idea how can I achieve this. The client-nat is not suited in our environment. It would be very helpful if you could share me some docs or ideas.

BR//

Adnan

Review Cisco Networking for a $25 gift card