
RADIUS fail-over config send Accounting requests to all servers


Hello,

I have configured two RADIUS servers for authentication (see attached picture). Despite the priority configuration and the Round-Robin setting (see other picture), it seems the controller sends Accounting packets to both servers.





I tried to disable strict mode and configured the RADIUS in the WLAN section (see third picture). The behaviour is the same.



This causes me a problem as each RADIUS server (FreeRADIUS instance) hosts a MySQL database for accounting records. Both DBs being replicated in Master-Master, the simultaneous arrival of accounting packets from the controller to both RADIUS servers causes the replication to crash (as entries with same Accounting-Session-Id are inserted on each database).

I have noticed that the Round-Robin setting is for Authentication only. Is there a way to do the same for Accounting as well?

Thanks in advance for your help.

3 replies

Userlevel 6
Hello

I will look into this and get back to you.

-Gareth
Userlevel 4
Hi,

This is FAD.

If there are multiple servers configured, authentication is done per priority.

The one with lowest number will do the authentication.
Accounting, on the other side, should be done on all servers, no matter what priority is configured.
Now, you might ask why we have priority checkbox for Accounting.
The only purpose it serves is when we are in strict mode (for use with Policy Mgr & NAC Mgr).
In strict mode the first 3 RADIUS servers in the accounting priority list will be used for accounting and the rest will be ignored.
In the case of authentication, the first 3 RADIUS servers in the authentication priority list will be used for authentication, 1 at a time, with the priority 1 server being used for authentication exclusively until it fails.

Regards
UMut
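
Why the accounting fan-out described in the reply above breaks the master-master replication described in the original question, as an added simulation that is not code from the thread or from any poster's setup. Two in-memory SQLite databases stand in for the two MySQL masters; the table layout, server names and session values are constructed assumptions.

```python
import sqlite3

# Simplified, constructed accounting table: one row per session, unique on the
# Accounting-Session-Id (an assumption; not the FreeRADIUS schema).
SCHEMA = "CREATE TABLE radacct (acctsessionid TEXT PRIMARY KEY, username TEXT, source TEXT)"
INSERT = "INSERT INTO radacct VALUES (?, ?, ?)"


class Master:
    """One RADIUS server with its local database, replicating to a peer."""

    def __init__(self, name):
        self.name = name
        self.db = sqlite3.connect(":memory:")
        self.db.execute(SCHEMA)
        self.outbox = []            # rows written locally, waiting to replicate
        self.replication_ok = True

    def accounting_start(self, session_id, username):
        row = (session_id, username, self.name)
        self.db.execute(INSERT, row)
        self.outbox.append(row)

    def apply_from(self, peer):
        """Replay the peer's local writes; stop at the first key conflict."""
        while peer.outbox and self.replication_ok:
            try:
                self.db.execute(INSERT, peer.outbox[0])
                peer.outbox.pop(0)
            except sqlite3.IntegrityError:
                self.replication_ok = False   # duplicate key: replication halts


def simulate(fan_out):
    """Deliver one constructed Accounting Start; return each side's replication state."""
    a, b = Master("radius-a"), Master("radius-b")
    targets = [a, b] if fan_out else [a]
    for server in targets:
        server.accounting_start("5F3A-0001", "alice")   # constructed sample values
    a.apply_from(b)
    b.apply_from(a)
    rows = [m.db.execute("SELECT COUNT(*) FROM radacct").fetchone()[0] for m in (a, b)]
    return a.replication_ok, b.replication_ok, rows


if __name__ == "__main__":
    print("fan-out to both servers:", simulate(fan_out=True))
    print("single destination:   ", simulate(fan_out=False))
```

With fan-out, each master already holds a locally written row for the session when the peer's copy arrives, so both replication directions stop on a key conflict; with a single destination the row replicates cleanly.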
Userlevel 6
Hello

See the following article: https://gtacknowledge.extremenetworks.com/articles/How_To/Are-radius-accounting-packets-sent-to-all-radius-servers-with-accounting-configured

In order to request a change in this behaviour I would recommend you contact your local account team SE and ask them to process a feature request for you.

-Gareth
