Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1322
Views
11
Helpful
8
Replies

Two radius, one BNG(ASR-9001)

Victor Tesser
Level 1
Level 1

‎01-05-2023 04:22 AM

Hi guys!
I'm trying to configure a secondary radius to be redundant in BNG. It's an ASR-9001, do I have to configure different groups or can I leave a radius server with two clients?

Labels:
0 Helpful
8 Replies 8

balaji.bandi
Hall of Fame
Hall of Fame

‎01-05-2023 05:21 AM

i would suggest to group them. In the future if you have more you can add them in group is easy.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World
VIP
VIP

‎01-05-2023 06:08 AM

for me I prefer two host under radius group. 
any way I will check this in lab using IOS or IOS XE and inform you later today. 

Victor Tesser
Level 1
Level 1

‎01-06-2023 06:33 AM

Thanks so much for the responses guys! sure i will wait!

0 Helpful

smilstea
Cisco Employee
Cisco Employee

‎01-09-2023 09:15 AM

Check out the section 'Using RADIUS Server Group' here https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r6-6/bng/configuration/guide/b-bng-cg-asr9000-66x/b-bng-cg-asr9000-66x_chapter_011.html

 

You can configure load-balancing.

 

If you don't want load-balancing you can us method lists, take a look at the section 'Specifying Method List'. Basically you would use the keyword group over and over specifying a different server-group name each time, the first server-group you specify is the primary and only if the server is unreachable does aaa fallback to the next method in the list, aka the next server-group.

 

Let me know if that helps.

 

Sam

 

0 Helpful

Victor Tesser
Level 1
Level 1

‎01-13-2023 05:08 AM

I put both radius in operation, but when one is down the other is also in "dead" status, any suggestions?

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Victor Tesser

‎01-13-2023 05:09 AM

not sure what you mean down ?

first radius down, are you able to ping second radius sever ?

can you post some logs and information we can check for you.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

MHM Cisco World
VIP
VIP
In response to Victor Tesser

‎01-13-2023 06:30 AM

the lab I done, 
The case I done in my lab 
1- work and test
config two radius server in one group
Use this group NAME in aaa auth login 
this make router check both server under one group 
2-  work and test
config two radius without any group 
Use radius group (without assign name) in aaa auth login 
3- not test wait 
config two radius group each group have one server 
Use two group NAME in aaa auth login 



I done lab but I face one issue which I was want to solve it before share here the lab, 
if there is user DB in one server not found in other server that issue because the router/sw not failover to other server or local if the auth failed, it failover when the AAA dead. 

I try share now the work and test but. GNS3+VMware sometime hung, and I must do lab again. 


now return to your new case which of above three case you config ?

0 Helpful

MHM Cisco World
VIP
VIP

‎01-14-2023 02:53 AM - edited ‎01-14-2023 07:27 AM

three case testScreenshot (213).pngScreenshot (214).pngScreenshot (215).png

Customers Also Viewed These Support Documents