Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
640
Views
0
Helpful
2
Replies

CSS11501 one arm configuration for CSACS Radius Authentication traffic

fayyaz_s
Level 1
Level 1

‎11-06-2009 01:44 PM

Is it possible to deploy the CSS11501 in one arm design to loadbalance the authentication traffic Radius across CSACS servers which is on UDP 1645 or 1812 port, is it required to configure the NAT or not, if yes how can define the shared secret in the CSS. also tell me how to configure the keepalive for udp traffic in this scenario other then default icmp keep alive

Labels:
0 Helpful
2 Replies 2

Gilles Dufour
Cisco Employee
Cisco Employee

‎11-09-2009 03:03 AM

1/ there is no udp probe.

2/ If you want to loadbalance radius traffic, you don't need to define radius on the CSS...we will just treat the traffic as udp flows.

3/ if you are in one-armed mode, you need to find a way to guarantee that response traffic goes back to the CSS...client-nat is usually the easiest solution but than the destination sees connection from a single source....another option is policy-based routing.

Gilles.

0 Helpful

AdnanShahid
Level 1
Level 1
In response to Gilles Dufour

‎06-28-2011 09:07 AM

Hi Gilles,

I am having the same issue in one of my cases (with authentication done by servers for the clients). Can you send me any documents with CSS loadbalancer doing this policy based routing or can you  share any  idea how can I achieve this. The client-nat is not suited in our environment. It would be very helpful if you could share me some docs or ideas.

BR//

Adnan

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card