Thank you Adeolu for your

Mohammed El-Batniji · ‎04-15-2015

I have ISE running on my network and I have 802.1x authentication on all access switches. The authentication happens through a pool of RADIUS servers that are configured on all the switches. I am facing a problem with one of the RADIUS servers. That server is not down, but its response is very slow causing the authentication to take a long time. I don't want to take the server off the network because I need to troubleshoot the problem and changing the configuration on all the switches is a headache (more than 100 switches). What is the easiest way to do a bulk configuration change on all the switches to remove the faulty RADIUS server until I resolve the problem?

Adeolu Owokade · ‎04-15-2015

Hi Mohammed,

Perhaps you can use a script e.g. Expect to achieve it.

I wrote an article on how to use Expect for automation tasks here. You can copy the script and the end of that article and edit it for your need.

Note: An updated script with error checking can be found here.

Mohammed El-Batniji · ‎04-15-2015

Thank you Adeolu for your reply. What I was looking for is a mechanism where the pool can be modified from a central location or a dynamic way to remove a RADIUS server from a pool that is configured on all the switches.

I can use Cat Tools to apply the command to switches but i was looking for another way to do it as I mentioned above.

phosawyer · ‎04-16-2015

How about taking the faulty server off your network or shutting down the RADIUS service/daemon?

If the switches dont get a response from the server they should mark it as down and not use it.

RADIUS pool configuration on access switches