03-28-2017 06:09 AM - edited 03-11-2019 12:34 AM
Hi,
I have configured my BNG with two radius servers in one aaa group:
radius server rad-01
radius server rad-02
radius-server dead-criteria time 15 tries 3
With this configuration, once my first radius server becomes unavailable, BNG will try the second radius. This is working fine.
My problem is that once there is a network outage between BNG and Radius, both AAA servers become DEAD and for 10 minutes BNG doesn't try to check if radius status is UP (radius-server deadtime 10).
I want to use the automate-tester feature to query radius server status when it becomes DEAD.
According to Cisco documentation, using the probe-on feature can switch server status from DEAD to UP:
The use of this additional key word in the automate-tester command ensures that:
● The probes are sent out only when the RADIUS server is marked DEAD
● A DEAD server will be marked “UP” only when a response is received from the RADIUS server.
I have already configured the probe-on feature, but I still don't see any packets from BNG once radius becomes DEAD. Is there any workaround for this issue?
Regards,
Nasser
01-26-2018 12:24 PM
Software?
01-26-2018 01:01 PM
03-21-2019 07:47 AM
The problem seems to be related to "automate-tester username dummy ignore-acct-port probe-on". Can you try to remove that CLI? We are working on a fix.
04-19-2023 01:27 PM
dhristov,
Has a fix been provided for the above?
04-19-2023 04:08 PM
The bugID provided earlier in this thread lists various Known Fixed Releases. Please check the release notes for the specific code train you are using.
CSCvg79459 - Automate-tester does not send probes when the server is dead
02-15-2024 05:45 AM
Just to let you know, I tested on version 17.9.4a and it is not possible to use idle-time and probe-on in the same syntax. I don't really know when this will be implemented. Please check the info below, which may help to understand how automate-tester works, as the documentation does not explain it.
I was doing some tests to see how radius automate-tester username test-user ignore-acct-port probe-on works. Based on the tests I did on three switches 3850 and two 9300 with version 17.9.4a and version 17.6.4, it behaved the same way. It seems the automate-tester username test-user ignore-acct-port probe-on command works based on the deadtime configuration.
I configured radius-server deadtime with the following numbers for my test:
deadtime 2 minutes: with automate-tester username test-user ignore-acct-port probe-on, it takes two minutes and 15 seconds, more or less, to send 4 requests, one request every 5 seconds. Once the 4 requests are sent, it needs to wait the two minutes again to send the probes again.
deadtime 3 minutes: with automate-tester username test-user ignore-acct-port probe-on, it takes three minutes and 15 seconds, more or less, to send 4 requests, one request every 5 seconds. Once the 4 requests are sent, it needs to wait the three minutes again to send the probes again.
deadtime 4 minutes: with automate-tester username test-user ignore-acct-port probe-on, it takes four minutes and 15 seconds, more or less, to send 4 requests, one request every 5 seconds. Once the 4 requests are sent, it needs to wait the four minutes again to send the probes again.
deadtime 15 minutes: with automate-tester username test-user ignore-acct-port probe-on, it takes fifteen minutes and 15 seconds, more or less, to send 4 requests, one request every 5 seconds. Once the 4 requests are sent, it needs to wait the fifteen minutes again to send the probes again.
And so on. The only way I really found this useful was leaving the deadtime at 0, which is the default. As you know, the default may cause flapping, as the server is marked dead and alive immediately, but with automate-tester username test-user ignore-acct-port probe-on it works just fine.
Explanation:
Automate-tester with probe-on will send probes after every Dead-time expiry.
Default dead-time for automate-tester is 60 seconds. In this case probes will be sent to the server only if the state of the server is DEAD. To achieve this, whenever the user configures automate-tester with probe-on, the state of the server will be forced to DEAD irrespective of its current state, so that after dead-time expires probe-on can take part in sending test packets.
Packets will be sent on both IOS and BINOS (Both on SMD and WNCD).
IOS: One authentication packet and one accounting packet
BINOS: Only one authentication packet
Note: As soon as the user configures "automate-tester probe-on", the server will intentionally be marked DEAD and the deadtime started (default is 60 sec if radius-server deadtime is not configured). This will affect the user/customer if the user has a large deadtime, and during config or bootup the server will be marked DEAD for that much time. Once the deadtimer expires, packets (probes) will be sent and the correct state will be updated based on the result.
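The following is an added example, not part of any post in this thread: a small Python audit that reads a running-config and flags the dead-server conditions the posts above describe (a long forced-DEAD window with probe-on, idle-time combined with probe-on, and a server with no tester under a non-zero deadtime). The sample config, its addresses and the 120-second threshold are constructed assumptions.

```python
import re

# Constructed sample running-config; server names reuse the thread's, addresses are placeholders.
SAMPLE = """\
radius server rad-01
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 automate-tester username dummy ignore-acct-port probe-on
radius server rad-02
 address ipv4 192.0.2.11 auth-port 1812 acct-port 1813
radius-server dead-criteria time 15 tries 3
radius-server deadtime 10
"""

PROBE_DEFAULT_S = 60  # per the thread: wait used when deadtime is not configured


def audit(config, max_dead_s=120):
    """Return {server: [findings]}; max_dead_s is an assumed tolerance."""
    m = re.search(r"^radius-server deadtime (\d+)", config, re.M)
    minutes = int(m.group(1)) if m else 0
    servers, current = {}, None
    for line in config.splitlines():
        if line.startswith("radius server "):
            current = line.split()[2]
            servers[current] = ""
        elif line.startswith(" ") and current:
            if line.strip().startswith("automate-tester "):
                servers[current] = line.strip()
        else:
            current = None  # left the per-server sub-mode
    report = {}
    for name, tester in servers.items():
        words, findings = tester.split(), []
        if "probe-on" in words:
            wait = minutes * 60 if minutes else PROBE_DEFAULT_S
            if wait > max_dead_s:
                findings.append(
                    f"probe-on: held DEAD {wait}s after config/boot, probed once per {wait}s")
            if "idle-time" in words:
                findings.append("idle-time with probe-on: reported rejected on 17.9.4a")
        elif not tester and minutes:
            findings.append(f"no automate-tester: stays DEAD {minutes * 60}s with no status check")
        report[name] = findings
    return report


if __name__ == "__main__":
    for server, findings in audit(SAMPLE).items():
        print(server, findings or "ok")
```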