Multiple RADIUS on a switch

ryouzanki · ‎11-06-2024

Hello ! I have a little issue here with multiple RADIUS on a switch. I cannot identify my user before they connect to the RADIUS server so I cant put them in groups. Adding both RADIUS on the switch makes the switch interrogate them in order. It sends the query to the first RADIUS and, as the documentation said, will only ask the second RADIUS if the first doesnt answer. But if the first RADIUS send a deny then the switch wont ask the second RADIUS. I have a problem here because my two RADIUS are for 2 differents group of people. I want the switch to still ask the second RADIUS if it received a deny-access answer. If a user of the second RADIUS try to connect, the switch will ask the first RADIUS, receive a deny-access and will kick my user of the second RADIUS. How can I fix that ?

Flavio Miranda · ‎11-06-2024

@ryouzanki

I dont believe this possible and , in my opinion, It should not be possble. If the switch got a response from Radius, It must accecpt It and not keep asking around until get a different answer.

MHM Cisco World · ‎11-06-2024

it issue of server, you can config server dont reply to access-request when user not found in DB

this make SW try second Server

MHM

Elliot Dierksen · ‎11-06-2024

Are the users in different domains? I ask because I know way back that access servers could select different authentication servers based on the domain of the user.

ryouzanki · ‎11-06-2024

Yeah I read the documentation and didnt find any solution so I came here trying my luck, hoping for a miracle haha...

Unfortunately, all users are in the same company domain...