08-19-2013 04:11 PM - edited 03-07-2019 03:01 PM
Hi experts,
We are reviewing whether to deploy 802.1x with 2 or 3 RADIUS servers to accomplish a 'high availability' model, but we do not know if this is possible.
We tried to find some information about this, but the documentation does not mention whether it is possible to deploy 802.1x and two or three RADIUS servers in the same scenario.
Can someone help clarify this?
Thanks
guruiz
08-19-2013 04:25 PM
There are two things that have to be taken into account:
1) Your NAD has to be configured with multiple RADIUS-Servers. If one server is declared dead, the second or third server is used. In IOS there are different ways to check if a server is available or not. This is documented in the 802.1x part of the configuration guide of your switch.
2) The radius-servers have to replicate their database to all members. In the Cisco-portfolio that can be done with ACS or ISE. Others are using FreeRADIUS for that and some are even using the RADIUS-server that is included with Windows Server.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
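As an added illustration of point 1 in the answer above (not part of the original reply and not taken from Cisco documentation), a NAD-side IOS configuration with two RADIUS servers and dead-server detection could look like the following. The server names, addresses, group name, key placeholder, probe username and timer values are assumptions, and the exact syntax varies by platform and software release.

```cisco
! Constructed example. Addresses are from the RFC 5737 documentation range;
! RAD-1, RAD-2, DOT1X-RADIUS, radius-probe and <shared-secret> are placeholders.
aaa new-model
!
! Define each RADIUS server. automate-tester sends periodic test
! authentications so a dead or recovered server is noticed even
! when no client is authenticating.
radius server RAD-1
 address ipv4 192.0.2.11 auth-port 1812 acct-port 1813
 key <shared-secret>
 automate-tester username radius-probe
radius server RAD-2
 address ipv4 192.0.2.12 auth-port 1812 acct-port 1813
 key <shared-secret>
 automate-tester username radius-probe
!
! Servers in the group are tried in the order listed.
aaa group server radius DOT1X-RADIUS
 server name RAD-1
 server name RAD-2
!
! Declare a server dead after 5 seconds without a response and
! 3 consecutive timeouts, then skip it for 10 minutes.
radius-server dead-criteria time 5 tries 3
radius-server deadtime 10
!
! Use the server group for 802.1x and enable 802.1x globally.
aaa authentication dot1x default group DOT1X-RADIUS
aaa authorization network default group DOT1X-RADIUS
dot1x system-auth-control
```

On the switch, `show aaa servers` reports whether each configured server is currently considered up or dead.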
08-19-2013 07:02 PM
Hello Karsten,
Your answer is more than helpful.....Clear and enlightening.
Thank you much.
guruiz
08-22-2013 07:54 AM
Hi Karsten,
I missed this question regarding Cisco ACS: do you know if a specific license or additional software is necessary on ACS to support database replication?
Thank you for your help.
Regards,
guruiz
08-22-2013 09:36 AM
You just need additional server-licenses, and if you have more than 500 NADs, then an additional "unlimited"-License for your whole deployment.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
08-22-2013 11:17 AM
Hi Karsten,
Again ...thank you so much !
guruiz