Re: AAA authentication with RADIUS

Rojer-bkk · ‎04-08-2011

Hi,

aaa authentication login user-list group radius local

!

radius-server host 10.1.1.3 auth-port 1645 acct-port 1646 key xxxx

radius-server deadtime 10

If i add more radius-server host such as

radius-server host 10.1.1.4 auth-port 1645 acct-port 1646 key xxxx

1. Server 10.1.1.4 will be backup for server 10.1.1.3?

2. Can i configure to be radius group?

Thanks

andamani · ‎04-08-2011

Hi,

you can try the following:

Router(config)# aaa group server radius

Router(config-sg radius)# server 10.1.1.3

Router(config-sg radius)# server 10.1.1.4

when you configure the aaa group like this 10.1.1.3 will be primary and 10.1.1.4 is secondary

Hope this helps.

Regards,

Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

Rojer-bkk · ‎04-08-2011

Hi Anisha

Please correct me if i'm wrong.

You mean secondary server will be used if router check either primary server fail or uable to access to service port?

andamani · ‎04-09-2011

Hi,

The secondary server will be checked only when the primary server is not reachable.

Hope this helps.

Regards,

Anisha

P.S.: please mark this thread as answered, if you feel your query is resolved. Do rate helpful posts.

Rojer-bkk · ‎04-11-2011

Hi Anisha,

If router authenticate via secondary host, can i force router back to authenticate through primary RADIUS host? or router can do if it check primary host back? Thanks for feedback

andamani · ‎04-11-2011

Hi,

The router will not check the primary server on its own if the session is up with the secondary server.

you need to make the secondry server unreachable and then it will check for the primary server and autenticate if the server is up.

Hope this helps.

Regards,

Anisha

P.S.: please mark this thread as answered, if you feel your query is resolved. Do rate helpful posts.