10-01-2024 07:37 PM
On the switch we have two RADIUS server entries:
server A
server B
RADIUS server A is down and unreachable.
Issues happen where all the endpoints in the LAN are not able to authenticate to the RADIUS server.
The show radius AAA server output shows that the priority is 1 and it still points to server A.
Question: why is the switch not doing auto/redundant/failover to server B?
To mitigate this issue, we removed server A from the running-config.
10-01-2024 09:51 PM
RADIUS service down does not mean the server is down; if server A is pingable, requests will still go to server A first.
These values can be configured globally or on a per-RADIUS-server basis, for instance:
Device(config-radius-server)# retransmit 5
Specifies how many times the device transmits each RADIUS request to the server before giving up (the default is 3).
Similarly:
Device(config-radius-server)# timeout 3
Specifies for how many seconds a device waits for a reply to a RADIUS request before retransmitting the request.
Based on these values, the device will wait before trying server B.
10-01-2024 10:19 PM
Meaning we need to configure this timeout and retransmit in the config.
This is when the problem happens:
server A - 10.2x4.x.94
server B - 10.2x6.x.94
It still does not fail over to server B.
Hostname02#sh aaa servers
RADIUS: id 1, priority 1, host 10.2x4.x.94, auth-port 1812, acct-port 1813
State: current UP, duration 4294967s, previous duration 0s
Dead: total time 0s, count 0
Platform State: current UP, duration 67s, previous duration 0s
Platform Dead: total time 0s, count 432
Quarantined: No
Authen: request 11096, timeouts 4299, failover 0, retransmission 3227
Response: accept 621, reject 142, challenge 6034
Response: unexpected 0, server error 0, incorrect 0, time 101ms
Transaction: success 6797, failure 1072
Throttled: transaction 0, timeout 0, failure 0
Author: request 0, timeouts 0, failover 0, retransmission 0
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Account: request 980, timeouts 37, failover 0, retransmission 28
Request: start 332, interim 0, stop 330
Response: start 331, interim 0, stop 322
Response: unexpected 0, server error 0, incorrect 0, time 46ms
Transaction: success 943, failure 9
Throttled: transaction 0, timeout 0, failure 0
Elapsed time since counters last cleared: 7w6d2h1m
Estimated Outstanding Access Transactions: 0
Estimated Outstanding Accounting Transactions: 0
Estimated Throttled Access Transactions: 0
Estimated Throttled Accounting Transactions: 0
Maximum Throttled Transactions: access 0, accounting 0
Requests per minute past 24 hours:
high - 7 hours, 15 minutes ago: 1126
low - 2 hours, 1 minutes ago: 0
average: 1
RADIUS: id 2, priority 2, host 10.2x6.x.94, auth-port 1812, acct-port 1813
State: current UP, duration 4294967s, previous duration 0s
Dead: total time 0s, count 0
Platform State: current UP, duration 4759299s, previous duration 0s
Platform Dead: total time 0s, count 0
Quarantined: No
Authen: request 1073, timeouts 1, failover 1072, retransmission 1
Response: accept 1, reject 3, challenge 1068
Response: unexpected 0, server error 0, incorrect 0, time 231ms
Transaction: success 1072, failure 0
Throttled: transaction 0, timeout 0, failure 0
Author: request 0, timeouts 0, failover 0, retransmission 0
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Account: request 12, timeouts 4, failover 9, retransmission 3
Request: start 1, interim 0, stop 8
Response: start 1, interim 0, stop 7
Response: unexpected 0, server error 0, incorrect 0, time 211ms
Transaction: success 8, failure 1
Throttled: transaction 0, timeout 0, failure 0
Elapsed time since counters last cleared: 7w6d2h1m
Estimated Outstanding Access Transactions: 0
Estimated Outstanding Accounting Transactions: 0
Estimated Throttled Access Transactions: 0
Estimated Throttled Accounting Transactions: 0
Maximum Throttled Transactions: access 0, accounting 0
Requests per minute past 24 hours:
high - 7 hours, 11 minutes ago: 1130
low - 2 hours, 1 minutes ago: 0
average: 0
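The counters in the output above can be checked mechanically. As an added example (not part of any post in this thread), this Python parser reads `show aaa servers` text and lists servers that stay UP with a Dead count of 0 while a large share of authentication requests time out; the function names, the 0.2 threshold and the sample addresses are assumptions.

```python
import re

# Constructed sample: field layout and counters follow the output posted above,
# trimmed to the lines used here; addresses are documentation placeholders.
SAMPLE = """\
RADIUS: id 1, priority 1, host 192.0.2.10, auth-port 1812, acct-port 1813
State: current UP, duration 4294967s, previous duration 0s
Dead: total time 0s, count 0
Platform State: current UP, duration 67s, previous duration 0s
Platform Dead: total time 0s, count 432
Authen: request 11096, timeouts 4299, failover 0, retransmission 3227
RADIUS: id 2, priority 2, host 192.0.2.20, auth-port 1812, acct-port 1813
State: current UP, duration 4294967s, previous duration 0s
Dead: total time 0s, count 0
Platform State: current UP, duration 4759299s, previous duration 0s
Platform Dead: total time 0s, count 0
Authen: request 1073, timeouts 1, failover 1072, retransmission 1
"""

def field(block, pattern):
    """First integer captured by pattern in block, or 0 when the line is absent."""
    m = re.search(pattern, block, re.M)
    return int(m.group(1)) if m else 0

def parse_aaa_servers(text):
    """Return one dict per 'RADIUS: id N' block of the command output."""
    servers = []
    for block in re.split(r"(?m)^(?=[ \t]*RADIUS: id )", text):
        head = re.search(r"RADIUS: id (\d+), priority (\d+), host ([^,\s]+)", block)
        if not head:
            continue
        state = re.search(r"^[ \t]*State: current (\w+)", block, re.M)
        servers.append({
            "host": head.group(3), "priority": int(head.group(2)),
            "state": state.group(1) if state else "UNKNOWN",
            "dead_count": field(block, r"^[ \t]*Dead: total time \d+s, count (\d+)"),
            "platform_dead_count": field(block, r"^[ \t]*Platform Dead: total time \d+s, count (\d+)"),
            "requests": field(block, r"^[ \t]*Authen: request (\d+)"),
            "timeouts": field(block, r"^[ \t]*Authen: request \d+, timeouts (\d+)"),
            "failover": field(block, r"^[ \t]*Authen: .*failover (\d+)"),
        })
    return servers

def never_marked_dead(servers, min_ratio=0.2):
    """Hosts UP with Dead count 0 although >= min_ratio (assumed) of auth requests timed out."""
    return [s["host"] for s in servers
            if s["state"] == "UP" and s["dead_count"] == 0
            and s["requests"] and s["timeouts"] / s["requests"] >= min_ratio]
```

Calling `never_marked_dead(parse_aaa_servers(SAMPLE))` returns the priority 1 host only, which matches what the posted counters show for server A.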
10-01-2024 11:28 PM
But as I see, both servers are UP and there is no previous duration, meaning it is not flapping. Can you confirm if server A is down or not?
MHM
10-02-2024 12:48 AM - edited 10-02-2024 12:53 AM
Yes, on day 1 server A was still UP in terms of connectivity but services were not working (consider the server down).
Then we shut down server A.
On the endpoint end, still not able to authenticate; I think this is because I don't have any global config of retransmit and timeout as mentioned by @ammahend.
Currently on my SW config there is no mention of retransmit and timeout, just entries for 2 RADIUS servers, server A & B.
10-02-2024 01:55 AM
Friend, these settings run by default; in a few cases we change these default values.
Please share show aaa server when server A is down.
MHM