Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1693
Views
5
Helpful
6
Replies

Using "RADIUS automate-tester" functionality with idle-timeout keyword

Go to solution
rezaalikhani
VIP
VIP

‎12-19-2023 09:03 PM

Hi all;

As far as I know, the "idle-timeout" keyword when used with "RADIUS automate-tester" functionality forces the switch to probe configured RADIUS servers unconditionally (the servers are in “DEAD” or “ALIVE” state or not). Is my understanding correct?

Thanks

1 person had this problem
1 Accepted Solution

Accepted Solutions

Go to solution
Arne Bier
VIP
VIP

‎12-19-2023 09:17 PM

AFAIK the idle-timeout means that it will fire off a probe to the RADIUS server if (and only if) the idle-timer has expired. This means you don't waste time sending probes to a RADIUS server that is actively being used and is healthy. You only want to check the RADIUS server if you have not spoken to it for X number of minutes. If the response is negative, then in theory the dead holddown timer should hold that server down as "dead" - this should make the user experience better because the timeout is being proactively dealt with, as opposed to the user having to suffer the timeout/retry.

View solution in original post

6 Replies 6

Go to solution
Arne Bier
VIP
VIP

‎12-19-2023 09:17 PM

AFAIK the idle-timeout means that it will fire off a probe to the RADIUS server if (and only if) the idle-timer has expired. This means you don't waste time sending probes to a RADIUS server that is actively being used and is healthy. You only want to check the RADIUS server if you have not spoken to it for X number of minutes. If the response is negative, then in theory the dead holddown timer should hold that server down as "dead" - this should make the user experience better because the timeout is being proactively dealt with, as opposed to the user having to suffer the timeout/retry.

Go to solution
MHM Cisco World
VIP
VIP

‎12-19-2023 10:02 PM

automate tester name | retransmit value | timeout seconds

sorry but I dont see idle-timeout in command reference
what is platform and IOS ver.
thanks 
MHM

0 Helpful

Go to solution
Arne Bier
VIP
VIP
In response to rezaalikhani

‎12-20-2023 12:53 AM

Eeeek! UDP 1645 and 1646 - why not 1812/1813?

Go to solution
rezaalikhani
VIP
VIP
In response to Arne Bier

‎12-20-2023 08:05 AM

As the IOS of the switch based on 15.0(2)SE11, it chooses UDP 1645 and 1646, by default.

0 Helpful

Go to solution
Arne Bier
VIP
VIP
In response to rezaalikhani

‎12-20-2023 01:35 PM

Yes. Shame on Cisco for perpetuating that legacy. Which, it turns out was a mistake made in the early days of RADIUS.

I am a RADIUS pedant - Check out this useful comment dating back as far as 1997 !!! RFC 2138 - Remote Authentication Dial In User Service (RADIUS) (ietf.org) 

Implementation Note

   This memo documents the RADIUS protocol.  There has been some
   confusion in the assignment of port numbers for this protocol.  The
   early deployment of RADIUS was done using the erroneously chosen port
   number 1645, which conflicts with the "datametrics" service.  The
   officially assigned port number for RADIUS is 1812.

 

Customers Also Viewed These Support Documents