Load balancing on NAC

  • Question
  • Updated 1 year ago
  • Answered
Hi guys

I have enabled NAC load balancing. I am unsure how to check it is working. What I have done is added the address of the NAC appliances to the external load balancer config of the NAC group. According to the docs, I am supposed to get a VIP. Where am I supposed to see this? Also, if I do a show radius, the two NAC appliances are set as 1 and 2 and not random. Are the appliances not supposed to have the switches and end devices on them?

thanks

Justsomebodi


Posted 1 year ago


Erik Auerswald, Embassador

Hi,

I am not really sure what setup you are using. As far as I know you configure a load balancer to provide a virtual IP (VIP) address, and then balance requests sent to that VIP across several NAC appliances.

If you are using S-Series switches you can use LSNAT, see e.g. "How To Configure LSNAT to Load Balance to Multiple NAC on S-Series", "S-Series and LSNAT are not Load Balancing", "What kind of persistence do I need to implement on a load balancer for the NAC to be load balanced?", and "Server Load Balancing (SLB) and Load Sharing Network Address Translation (LSNAT) Are Not Working" for additional info.

You would then configure only the VIP of the load balancer as RADIUS server on the switches.

Thanks,
Erik

Justsomebodi

Hi


I am using XOS. I was under the impression NAC appliances are joined together in a group and then their IPs are added to the external load balancer config section of the group config tab.


Regards

Yacobucci, Ryan, Multi-Tier Technical Support Engineer

Hello,

When you enable the load balancing feature and provide an IP of the load balance IP address, what occurs is NAC assumes that there is an external load balancer at the IP address provided and, on enforce, attempts to write this IP address as the RADIUS server to all switches in the switches tab.

Every switch is then also written into every NAC's "clients.conf" file.

The NACs themselves do not perform any type of load balancing. As Erik has mentioned, typically the load balance IP provided in the NAC configuration is the VIP for the LSNAT configuration on the S series.

Thanks
-Ryan
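
One way to check the state described in the reply above, as an added example that is not part of the thread or of any vendor tooling: every switch should list only the VIP as its RADIUS server, and every switch should appear in every NAC's clients.conf. It assumes clients.conf uses FreeRADIUS-style `client { ipaddr = ... }` blocks and that the switch settings and file contents were collected by other means; all addresses and names are constructed.

```python
import re

# Assumption: clients.conf holds FreeRADIUS-style "client <name> { ipaddr = ... }" blocks.
CLIENT_IP = re.compile(r"^\s*ipaddr\s*=\s*(\S+)", re.MULTILINE)

def client_ips(conf_text):
    """Client IPs listed in one appliance's clients.conf, comments ignored."""
    return set(CLIENT_IP.findall(re.sub(r"#.*", "", conf_text)))

def audit(vip, switch_radius, nac_clients):
    """switch_radius: {switch_ip: [RADIUS server IPs configured on it]}
    nac_clients:   {nac_ip: text of that appliance's clients.conf}
    Returns findings; an empty list means the setup matches the description."""
    findings = []
    for sw, servers in sorted(switch_radius.items()):
        if vip not in servers:
            findings.append(f"{sw}: VIP {vip} is not configured as RADIUS server")
        direct = [s for s in servers if s != vip]
        if direct:
            findings.append(f"{sw}: sends RADIUS directly to {', '.join(direct)}")
    for nac, conf in sorted(nac_clients.items()):
        for sw in sorted(set(switch_radius) - client_ips(conf)):
            findings.append(f"{nac}: switch {sw} is missing from clients.conf")
    return findings

# Constructed sample data (documentation addresses, not from the thread).
VIP = "192.0.2.10"
SWITCH_RADIUS = {
    "192.0.2.21": ["192.0.2.10"],                # only the VIP: as intended
    "192.0.2.22": ["192.0.2.11", "192.0.2.12"],  # appliances listed as 1 and 2
}
BOTH = """client sw1 {
    ipaddr = 192.0.2.21
    secret = constructed
}
client sw2 {
    ipaddr = 192.0.2.22
    secret = constructed
}
"""
ONLY_SW1 = BOTH.split("client sw2")[0] + "# ipaddr = 192.0.2.22 (commented out)\n"
NAC_CLIENTS = {"192.0.2.11": BOTH, "192.0.2.12": ONLY_SW1}

if __name__ == "__main__":
    for line in audit(VIP, SWITCH_RADIUS, NAC_CLIENTS):
        print(line)
```

A switch missing from one appliance's clients.conf matters because that appliance would not accept RADIUS requests from it, so authentication would fail only when the load balancer picks that appliance.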

Justsomebodi

Excellent. Thanks for the clarification guys.

Jeremy, Embassador

We use LSNAT or "ip slb" on the S4 to do exactly what you are wanting to do.