
V2110 Radius failover sequence


Hi,

I have configured a V2110 with 2 Radius servers to provide redundancy in the event that one fails for 802.1x auth for wifi clients:

Radius server A: priority 1
Radius server B: priority 2

As initially expected, all traffic was being sent to server A. I then stopped server A and Radius authentication requests started to be sent to server B. Again as expected. However, I then restarted server A and expected traffic to start going back to server A. It doesn't seem to be doing this (to add further colour, it only seems to be sending traffic to Radius server B if a failed auth attempt was made for the specific SSID/controller; if no connection attempt was made against that particular combination, then it's continuing to use Radius server A).

So my question is: after the controller recognises that the primary Radius server is down, is there a timeout after which the controller will attempt to use it again? Or will it only attempt to use it again if the secondary Radius server becomes available? Essentially, what's the logic used to determine when to use a Radius server again after a failure?

The user manual covers what happens when a Radius server fails, but does not cover the logic involved when a Radius server becomes available again. From my testing thus far, it now seems to be preferring the secondary Radius server (after 15+ hours), instead of reverting back to the primary server which was down for 5 minutes. I'm not in the position where I can shut down the secondary Radius server at present to test this fully, as it has other dependencies on it.

If anyone can shed some light on the expected behaviour, that would be much appreciated.

Thanks,
Kieron

4 replies

We offer two different types of fail-over in 9.x code...

Round-Robin: At start up, the first configured server is selected as the active server. When the current active server goes down, the next server is selected as the active server. There will be no polling for the original active server. Even when the original active server comes back, it will not be selected as the active server.

Primary-Backup: At start up, the first configured server is selected as the primary server. When the primary server goes down, the next available server is selected as the VNS’s active RADIUS server to send access-request packets. The controller sends polling packets to the primary server. When the primary server comes back, the controller will use the primary server to send new access-request packets and the controller stops sending polling packets.
Reference: https://gtacknowledge.extremenetworks.com/articles/Solution/Clients-authentication-traffic-is-not-go...
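
The two modes described in the reply above, replayed against the stop-and-restart scenario from the question. This is an added example, not Extreme Networks code and not part of the original thread: the class and function names are hypothetical, polling is simplified to one check per request, and selection state is kept per VNS as the reply indicates.

```python
# Toy model of the Round-Robin and Primary-Backup modes described in the reply.
# Not vendor code: names are hypothetical and polling is one check per request.

class RadiusSelector:
    def __init__(self, servers, mode):
        if mode not in ("round-robin", "primary-backup"):
            raise ValueError(mode)
        self.servers = list(servers)   # configured priority order
        self.mode = mode
        self.active = 0                # first configured server at start-up

    def _next_available(self, up):
        # Walk the configured list, starting after the current active server.
        n = len(self.servers)
        for step in range(1, n + 1):
            idx = (self.active + step) % n
            if self.servers[idx] in up:
                return idx
        return None

    def pick(self, up):
        """Return the server that gets the next access-request, or None."""
        # Primary-Backup only: while on a backup, the primary is polled and
        # reclaimed for new requests as soon as it answers again.
        if (self.mode == "primary-backup" and self.active != 0
                and self.servers[0] in up):
            self.active = 0
        # Both modes: move on only when the current active server is down.
        if self.servers[self.active] not in up:
            idx = self._next_available(up)
            if idx is None:
                return None
            self.active = idx
        return self.servers[self.active]


def replay(mode, timeline, servers=("A", "B")):
    """Replay a list of 'servers up' sets; return the choice at each step."""
    sel = RadiusSelector(servers, mode)
    return [sel.pick(set(up)) for up in timeline]


# Constructed timeline: A healthy, A stopped for two steps, A restarted.
TIMELINE = [{"A", "B"}, {"B"}, {"B"}, {"A", "B"}, {"A", "B"}]

if __name__ == "__main__":
    for mode in ("round-robin", "primary-backup"):
        print(mode, replay(mode, TIMELINE))
```

Running it shows Round-Robin staying on B after A returns, which matches the behaviour observed in the question, while Primary-Backup reverts to A.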
Thank you, this is the exact clarification I was after.
No problem, glad to help.
