Hi.
I want to create such policy, that users, while in dead radius fallback mode are not getting interrupted, untill radius replied.
All examples i saw, set 1 minute timeout, set fallback service applied and after timer expires, they force to drop session and start over, it radius is not back on, users has no fallback service during radius timeout, which is unacceptable.
here is what i tried, but after radius comes back, users got aouthenticated but continue using Fallback50m service and completely ignoring radius supplied services.
any thoughts?
policy-map type control testing
class type control CM_C_IPOE_REJECT_REAUTH event timed-policy-expiry
1 service disconnect
!
class type control CM_C_IPOE_RTIMEOUT_REAUTH event timed-policy-expiry
10 authorize aaa list IPOE password ciscoo identifier source-ip-address
!
class type control always event session-start
10 authorize aaa list IPOE password ciscoo identifier source-ip-address
!
class type control always event access-reject
20 set-timer IPOE_REJECT_REAUTH 1
30 service-policy type service name Redirect100
40 service-policy type service name Redirect110
50 service-policy type service name Redirect400
60 service-policy type service name Redirect410
70 service-policy type service name Redirect500
80 service-policy type service name Redirect510
!
class type control always event radius-timeout
10 set-timer IPOE_RTIMEOUT_REAUTH 1
20 service-policy type service name Failover50m
!
class type control always event account-logon
10 service-policy type service unapply name Failover50m
20 service-policy type service aaa list IPOE identifier authenticated-username
!
class type control always event account-logoff
1 service disconnect
!