08-18-2005 01:49 PM - edited 03-10-2019 02:16 PM
Currently piloting wired 802.1x using Cisco ACS 3.3 for RADIUS, Catalyst switches, and 2000/XP/OSX built-in 802.1x supplicants.
Built 2 ACS servers for redundancy, but notice when I down the "primary" server, ports do not get authorized as quickly as we would like (sometimes not at all). I list both radius servers on the switches using the "radius-server" commands.
Is there any way to speed up the failover?
08-19-2005 05:53 AM
Hi
The switch first tries to reach ACS 1, and after some time (retransmit x timeout) it tries to connect to the secondary ACS. Usually (at least on a 1200ap) the retransmit is 3 times, the timeout is 10 seconds, so that makes 30 seconds until it tries to reach the second ACS. You can speed that up by changing the following two values:
radius-server retransmit (value)
radius-server timeout (value in seconds)
Plus, additionally, you can play with the value:
radius-server deadtime
to mark an ACS as down for a period of time so the switch doesn't try to reach it for that period of time.
I hope that helps.
09-01-2005 12:34 PM
On my cat6000, I kept the radius defaults and adjusted the dot1x server-timeout to 10 seconds. The normal machine auth takes about 10 seconds. Upon ACS failure there is an additional 10 seconds totaling 20 seconds for machine auth.
Here are all my settings that work in my 802.1x wired environment with ACS redundancy.
show radius
RADIUS Deadtime: 0 minutes
RADIUS Key:
RADIUS Retransmit: 2
RADIUS Timeout: 5 seconds
Framed-Ip Address Transmit: Disabled
show dot1x
PAE Capability Authenticator Only
Protocol Version 1
system-auth-control enabled
max-req 2
quiet-period 60 seconds
radius-accounting disabled
radius-vlan-assignment enabled
radius-keepalive state enabled
re-authperiod 3600 seconds
server-timeout 10 seconds
shutdown-timeout 300 seconds
supp-timeout 30 seconds
tx-period 7 seconds