guillermo.ruiz
Beginner

RADIUS servers supported on 802.1x scenario

Hi experts,

We are looking at deploying 802.1x with 2 or 3 RADIUS servers to accomplish a 'high availability' model, but we do not know if this is possible.

We tried to find some information about this, but the documentation does not mention whether it is possible to deploy 802.1x and two or three RADIUS servers in the same scenario.

Can someone help to clarify this?

Thanks

guruiz

Accepted Solutions
Karsten Iwen
VIP Mentor

There are two things that have to be taken into account:

1) Your NAD has to be configured with multiple RADIUS-Servers. If one server is declared dead, the second or third server is used. In IOS there are different ways to check if a server is available or not. This is documented in the 802.1x part of the configuration guide of your switch.

2) The radius-servers have to replicate their database to all members. In the Cisco-portfolio that can be done with ACS or ISE. Others are using FreeRADIUS for that and some are even using the RADIUS-server that is included with Windows Server.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
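
Added example, not part of the original thread: a sketch of point 1 above on a Cisco IOS switch, with three RADIUS servers in one group and two ways of detecting a dead server (passive dead criteria and an active test probe). The server names, group name, 192.0.2.x addresses, key placeholders, probe username and timer values are all assumptions, and the exact syntax varies by platform and release, so check it against the configuration guide of your switch.

```cisco
! Constructed example: every name, address, key and timer below is a placeholder.
aaa new-model
!
! One definition per RADIUS server. Use a strong, distinct shared secret per server.
radius server RAD-1
 address ipv4 192.0.2.11 auth-port 1812 acct-port 1813
 key SHARED-SECRET-PLACEHOLDER-1
 ! Active check: periodically send a test authentication for this username.
 ! Any reply, including a reject, shows that the server is alive.
 automate-tester username dot1x-probe
!
radius server RAD-2
 address ipv4 192.0.2.12 auth-port 1812 acct-port 1813
 key SHARED-SECRET-PLACEHOLDER-2
 automate-tester username dot1x-probe
!
radius server RAD-3
 address ipv4 192.0.2.13 auth-port 1812 acct-port 1813
 key SHARED-SECRET-PLACEHOLDER-3
 automate-tester username dot1x-probe
!
! Servers are tried in the order listed; the next one is used when the
! previous one has been declared dead.
aaa group server radius DOT1X-RADIUS
 server name RAD-1
 server name RAD-2
 server name RAD-3
!
! Passive check: mark a server dead after 3 unanswered tries within 5 seconds,
! then leave it out of rotation for 10 minutes before trying it again.
radius-server dead-criteria time 5 tries 3
radius-server deadtime 10
!
! Point 802.1x authentication, authorization and accounting at the group.
aaa authentication dot1x default group DOT1X-RADIUS
aaa authorization network default group DOT1X-RADIUS
aaa accounting dot1x default start-stop group DOT1X-RADIUS
!
! Enable 802.1x globally on the switch.
dot1x system-auth-control
```

Failover on the switch only covers point 1; the servers themselves still need the same user and policy database, as described in point 2.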

Hello Karsten,

Your answer is more than helpful... Clear and enlightening.

Thank you very much.

guruiz

Hi Karsten,

I missed this question regarding Cisco ACS... do you know if a specific license or additional software is necessary on ACS to support database replication?

Thank you for your help.

Regards,

guruiz

You just need additional server-licenses, and if you have more than 500 NADs, then an additional "unlimited"-License for your whole deployment.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Hi Karsten,

Again... thank you so much!

guruiz