V2110 Radius failover sequence

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered

I have configured a V2110 with 2 radius servers to provide redundancy in the event that one fails for 802.1x auth for wifi clients:

Radius server A: priority 1
Radius server B: priority 2

As initially expected all traffic was being sent to server A. I then stopped server A and radius authentication requests started to be sent to server B. Again as expected. However I then restarted server A and expected traffic to be start going back to server A. It doesn't seem to be doing this (to add further colour it only seems to be sending traffic to Radius server B if a failed auth attempt was made for the specific SSID/controller, if no connection attempt was made against that particular combination, then its continuing to use the Radius server A). So my question is:

After the controller recognises that the primary Radius server is down, is there a timeout after which the controller will attempt to use it again? Or will it only attempt to use it again if the secondary radius server becomes available? Essentially what's the logic used to determine when to use a radius server again after a failure?

The user manual covers what happens when a radius server fails, but does not cover to logic involved when a radius server becomes available again.

From my testing thus far, it now seems to be preferring the secondary Radius server (after 15+ hours), instead of reverting back to the primary server which was down for 5 minutes.

I'm not in the position where I can shutdown the secondary radius server at present to test this fully as it has other dependencies on it.

If anyone can shed some light on the expected behaviour that would be much appreciated.

Photo of Kieron Cooke

Kieron Cooke

  • 100 Points 100 badge 2x thumb

Posted 3 years ago

  • 0
  • 1