08-19-2013 04:11 PM - edited 03-07-2019 03:01 PM
Hi experts,
We are looking at deploying 802.1x with 2 or 3 RADIUS servers to accomplish a "high availability" model, but we do not know if this is possible.
We tried to find some information about it, but the documentation does not mention whether it is possible to deploy 802.1x AND two or three RADIUS servers in the same scenario.
Can someone help to clarify this?
Thanks
guruiz
08-19-2013 04:25 PM
There are two things that have to be taken into account:
1) Your NAD has to be configured with multiple RADIUS-Servers. If one server is declared dead, the second or third server is used. In IOS there are different ways to check if a server is available or not. This is documented in the 802.1x part of the configuration guide of your switch.
2) The radius-servers have to replicate their database to all members. In the Cisco-portfolio that can be done with ACS or ISE. Others are using FreeRADIUS for that and some are even using the RADIUS-server that is included with Windows Server.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
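Added example (not part of the original posts and not taken from Cisco documentation): a sketch of point 1 on an IOS switch, with three RADIUS servers in one group and dead-server detection. Server names, the 192.0.2.x addresses, the keys, the probe username and the timer values are placeholders chosen for illustration; older IOS releases use the `radius-server host` form instead of named `radius server` blocks.

```cisco
! Constructed example: names, addresses, keys and timers are placeholders.
aaa new-model
!
! Each server gets its own shared secret. automate-tester sends periodic
! test authentications so a dead server is detected and a recovered one revived.
radius server RAD-1
 address ipv4 192.0.2.11 auth-port 1812 acct-port 1813
 key <SHARED-SECRET-1>
 automate-tester username radius-probe
radius server RAD-2
 address ipv4 192.0.2.12 auth-port 1812 acct-port 1813
 key <SHARED-SECRET-2>
 automate-tester username radius-probe
radius server RAD-3
 address ipv4 192.0.2.13 auth-port 1812 acct-port 1813
 key <SHARED-SECRET-3>
 automate-tester username radius-probe
!
! Servers are tried in the order listed; the next one is used
! when the one before it has been declared dead.
aaa group server radius DOT1X-SERVERS
 server name RAD-1
 server name RAD-2
 server name RAD-3
!
! Declare a server dead after 5 seconds without any response
! and 3 consecutive timeouts.
radius-server dead-criteria time 5 tries 3
! Skip a dead server for 10 minutes before sending it requests again.
radius-server deadtime 10
!
aaa authentication dot1x default group DOT1X-SERVERS
aaa authorization network default group DOT1X-SERVERS
aaa accounting dot1x default start-stop group DOT1X-SERVERS
!
! Enable 802.1x globally; port-level settings are configured separately.
dot1x system-auth-control
```

The probe account does not need to exist on the servers, because an Access-Reject still shows that the server is answering. `show aaa servers` reports the current UP/DEAD state of each server.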
08-19-2013 07:02 PM
Hello Karsten,
Your answer is more than helpful.....Clear and enlightening.
Thank you much.
guruiz
08-22-2013 07:54 AM
Hi Karsten,
I missed this question regarding Cisco ACS: do you know if a specific license or additional software is necessary on ACS to support database replication?
Thank you for your help.
Regards,
guruiz
08-22-2013 09:36 AM
You just need additional server-licenses, and if you have more than 500 NADs, then an additional "unlimited"-License for your whole deployment.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
08-22-2013 11:17 AM
Hi Karsten,
Again ...thank you so much !
guruiz