Wireless (General)

 View Only
  • 1.  RADIUS fail-over config send Accounting requests to all servers

    Posted 05-03-2016 07:39
    Hello,

    I have configured two RADIUS servers for authentication (see attached picture). Despite the priority configuration and the Round-Robin setting (see other picture), it seems the controller send Accounting packets to both servers.





    I tried to disable strict mode and configured the RADIUS in the WLAN section (see third picture). The behaviour is the same.



    This causes me problem as each RADIUS server (FreeRADIUS instance) hosts a MySQL database for accounting records. Both DBs being replicated in Master-Master, the simultaneous arrival of accounting packets from the controller to both RADIUS servers causes the replication to crash (as entries with same Accounting-Session-Id are inserted on each database).

    I have noticed that the Round-Robin setting is for Authentication only. Is there a way to do the same for Accounting as well ?

    Thanks in advance for your help.



  • 2.  RE: RADIUS fail-over config send Accounting requests to all servers

    Posted 05-04-2016 11:36
    Hello

    I will look into this and get back to you.

    -Gareth


  • 3.  RE: RADIUS fail-over config send Accounting requests to all servers

    Posted 05-04-2016 11:57
    Hi ,

    this is FAD.

    If there are multiple servers configured, authentication is done per priority.

    The one with lowest number will do the authentication.
    Accounting, on the other side, should be done on all servers, no matter what priority is configured.
    Now, you might ask why we have priority checkbox for Accounting.
    The only purpose it serves is when we are in strict mode (for use with Policy Mgr & NAC Mgr).
    In strict mode the first 3 RADIUS servers in the accounting priority list will be used for accounting and the rest will be ignored.
    In the case of authentication, the first 3 RADIUS servers in the authentication priority list will be used for authentication, 1 at a time, with the priority 1 server being used for authentication exclusively until it fails.

    Regards
    UMut



  • 4.  RE: RADIUS fail-over config send Accounting requests to all servers

    Posted 05-04-2016 13:22
    Hello

    See the following article: https://gtacknowledge.extremenetworks.com/articles/How_To/Are-radius-accounting-packets-sent-to-all-radius-servers-with-accounting-configured

    In order to request a change in this behaviour I would recommend you contact your local account team SE and ask them to process a feature request for you.

    -Gareth