01-05-2023 04:22 AM
Hi guys!
I'm trying to configure a secondary radius to be redundant in BNG. It's an ASR-9001, do I have to configure different groups or can I leave a radius server with two clients?
01-05-2023 05:21 AM
I would suggest grouping them. In the future, if you have more, adding them to the group is easy.
01-05-2023 06:08 AM
For me, I prefer two hosts under a RADIUS group.
Anyway, I will check this in the lab using IOS or IOS XE and inform you later today.
01-06-2023 06:33 AM
Thanks so much for the responses, guys! Sure, I will wait!
01-09-2023 09:15 AM
Check out the section 'Using RADIUS Server Group' here https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r6-6/bng/configuration/guide/b-bng-cg-asr9000-66x/b-bng-cg-asr9000-66x_chapter_011.html
You can configure load-balancing.
If you don't want load-balancing you can use method lists; take a look at the section 'Specifying Method List'. Basically you would use the keyword group over and over, specifying a different server-group name each time. The first server-group you specify is the primary, and only if the server is unreachable does AAA fall back to the next method in the list, aka the next server-group.
Let me know if that helps.
Sam
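Added example, not part of the post above or of the Cisco guide: an IOS XR sketch of the method-list failover described there, with one server per server group and the groups listed in order. The group names, the addresses (documentation ranges) and the key placeholder are assumptions.

```text
! Constructed example: hypothetical group names, documentation-range
! addresses, placeholder shared secret.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
radius-server host 198.51.100.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
! One server per group, so the order of failover is set by the method list
aaa group server radius RG-PRIMARY
 server 192.0.2.10 auth-port 1812 acct-port 1813
!
aaa group server radius RG-SECONDARY
 server 198.51.100.10 auth-port 1812 acct-port 1813
!
! RG-PRIMARY is tried first; RG-SECONDARY is used only when the
! server in RG-PRIMARY is unreachable
aaa authentication subscriber default group RG-PRIMARY group RG-SECONDARY
aaa authorization subscriber default group RG-PRIMARY group RG-SECONDARY
aaa accounting subscriber default group RG-PRIMARY group RG-SECONDARY
```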
01-13-2023 05:08 AM
I put both radius in operation, but when one is down the other is also in "dead" status, any suggestions?
01-13-2023 05:09 AM
Not sure what you mean by down?
With the first RADIUS down, are you able to ping the second RADIUS server?
Can you post some logs and information so we can check for you?
01-13-2023 06:30 AM
The lab I did:
The cases I did in my lab:
1- works, tested
Configure two RADIUS servers in one group.
Use this group NAME in aaa auth login.
This makes the router check both servers under one group.
2- works, tested
Configure two RADIUS servers without any group.
Use the radius group (without assigning a name) in aaa auth login.
3- not tested yet
Configure two RADIUS groups, each group having one server.
Use the two group NAMEs in aaa auth login.
I did the lab but I faced one issue which I wanted to solve before sharing the lab here:
if there is a user in one server's DB that is not found in the other server, that is an issue, because the router/switch does not fail over to the other server or to local if the auth fails; it fails over when the AAA server is dead.
I tried to share the working, tested cases now, but GNS3+VMware sometimes hangs, and I must do the lab again.
Now, returning to your new case: which of the above three cases did you configure?
01-14-2023 02:53 AM - edited 01-14-2023 07:27 AM
three case test