Solved: Re: Replacement for Radius Host with Multiple Radius Servers

SuperSteve · ‎06-07-2019

I have a router that is being updated and the radius-host command needs to be replaced. I know the new command to replace this is radius server {name} followed by server ipv4 {ipaddress} and so on however this only works with one server. I have two radius servers that I want it to reference for redundancy. How would I go about doing this? I have AAA enabled I have tried using aaa group server radius {name} but there is no option there for key and cannot see how to tie this group to the radius server command.

Rob Ingram · ‎06-07-2019

Hi,

You define the 2 radius server IP address and key, then reference those 2 servers in the AAA group. E.g:-

radius server ISE1
address ipv4 192.168.10.20 auth-port 1812 acct-port 1813
key Cisco1234
radius server ISE2
address ipv4 192.168.10.21 auth-port 1812 acct-port 1813
key Cisco1234

aaa group server radius ISE
server name ISE1
server name ISE2

HTH

View solution in original post

Rob Ingram · ‎06-07-2019

Hi,

You define the 2 radius server IP address and key, then reference those 2 servers in the AAA group. E.g:-

radius server ISE1
address ipv4 192.168.10.20 auth-port 1812 acct-port 1813
key Cisco1234
radius server ISE2
address ipv4 192.168.10.21 auth-port 1812 acct-port 1813
key Cisco1234

aaa group server radius ISE
server name ISE1
server name ISE2

HTH

Mohammed al Baqari · ‎06-08-2019

Create multiple aaa servers then create a custom aaa-group with custom name
(not radius or tacacs). Assign your aaa servers to the group.