How to configure CTS Server RADIUS Load Balancing in CSR1000v

rezaalikhani · ‎09-05-2024

Hi all;

Consider the following output from a CSR1000v with IOS XE 17.03.05 or Catalyst 8000v:

My problem is that, I could not find a way in this platform to configure the CTS Server RADIUS Load Balancing feature.

Any ideas?

Thanks

MHM Cisco World · ‎09-05-2024

load-balance method least-outstanding [batch-size number] [ignore-preferred-server] <<- this command under radius group

MHM

rezaalikhani · ‎09-05-2024

Thanks for your reply;

MHM Cisco World · ‎09-05-2024

Add at least two server under group and check

Thanks

MHM

rezaalikhani · ‎09-05-2024

Look at the following figure:

Any ideas?

Thanks

Rob Ingram · ‎09-05-2024

@rezaalikhani I've not tried it myself yet, but TrustSec server list can be randomised.

Server and IP Address Selection Process

The order of server-selection is the private server-list (received as part of server-list download), followed by the public server-list (configured servers). Within these server lists, the order can either be random selection or in-order selection based on whether the cts policy-server order random command is enabled or not.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9200/software/release/17-13/configuration_guide/cts/b_1713_cts_9200_cg/sgacl_and_environment_data_download_over_rest.html#con_policy_server_selection_criteria

rezaalikhani · ‎09-05-2024

I already know this feature but based on the following screenshot, apparently it is another feature than CTS server load balancing...

Rob Ingram · ‎09-05-2024

@rezaalikhani try the command cts server load-balance command:-

https://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec/command_sum.html#10301

The previous example was if using Rest API method.

rezaalikhani · ‎09-05-2024

Thanks for your reply; I already tried your mentioned solution:

Rob Ingram · ‎09-05-2024

@rezaalikhani I checked in my lab, it looks like that command is not available on CSR1000v 17.3

However it does work on IOL image

balaji.bandi · ‎09-05-2024

Looks for me this may be limitation of v image, what is the version of CSR1000v you trying ? - have you tried latest version ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

rezaalikhani · ‎09-09-2024

Thanks for your reply;

The same behavior is observed in Catalyst 8000v with IOS XE version 17.12. Agreed with you, I think this is the limitation of "v" images...

Damien Miller · ‎09-05-2024

I've done a lot of trustsec deployments and never needed this. Is there a specific use of the case here or reason you want this enabled?

rezaalikhani · ‎09-09-2024

Just for my understanding and research...