Solved: Re: Radius: the order of radius group

naoki_Japan · ‎10-14-2021

@Example of the command

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

aaa gorup server radius TestA
server name AAAAA

aaa gorup server radius TestB
server name BBBBB

aaa gorup server radius TestC
server name CCCCC

aaa authentication dot1x default group TestA group TestB group TestC

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

If configured like above, how does the radius client(cisco Switch) process the authentication request?

I wanna know to which aaa server the authentication request will be send. round-robin, least-loading or something?

I assume that the request will be sent to TestA, and if the TestA server is down and cannot react, the process go to TestB and similarly next to TestC.

please tell me the correct answer.

Damien Miller · ‎10-14-2021

Do you have to do it that way?

Usually we do it this way.

aaa group server radius rad_srv_group
server name AAAAA

server name BBBBB

server name CCCCC

aaa authentication dot1x default group rad_srv_group

This will use aaaaa first, then if unavailable bbbbb, then if it's also unavailable ccccc. If all three are down, it will return and try aaaaa again.

View solution in original post

Damien Miller · ‎10-14-2021