https://community.extremenetworks.com/t5/extremeswitching-exos-switch/exos-does-not-attempt-radius-authentication-with-secondary/m-p/85670#M20612 I was able to resolve the issue. In the production environment, it turned out that there was a second firewall that had to be configured to allow traffic to the secondary server. In the GNS3 simulation I have no idea what happened but I rebuilt it and it also works there now. I am aware of that bug but I was using later versions of EXOS. Thu, 23 May 2019 14:24:48 GMT johnwcalder 2019-05-23T14:24:48Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/exos-does-not-attempt-radius-authentication-with-secondary/m-p/85667#M20609 At the moment I have a problem where a group of Extreme switches configured to use RADIUS authentication do not automatically attempt authentication with the secondary server when the primary server is down.<BR /> I have been able to replicate this problem in GNS3 with a more simplified setup than what we have in the production environment. I have two radius servers that are identical in every way except their IP addresses, and I have an Extreme switch that is configured to use those servers for authentication.<BR /> There are no problems authenticating when the primary RADIUS server is running, however, when I shut it down I am no longer able to authenticate when I connect to the Extreme switch. I even did a packet capture on the link and I noticed that the switch doesn't even attempt to send any traffic to the secondary server even when I have shut down RADIUS on the primary server. Is there something I'm missing?<BR /> <BR /> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">Primary Switch Management RADIUS server: Status is Active<BR /> host name :<BR /> IP address : 192.168.1.102<BR /> Server IP Port: 1812<BR /> Client address: 192.168.1.1 (VR-Default)<BR /> Retries : 3 *<BR /> Timeout : 3 *<BR /> shared secret : #$h+DxdMlNe3EYSMxwsPsNlYj2LWWYxw==<BR />Access Requests : 33 Access Accepts : 5<BR />Access Rejects : 2 Access Challenges : 0<BR />Access Retransmits: 20 Client timeouts : 26<BR />Bad authenticators: 0 Unknown types : 0<BR />Round Trip Time : 1<BR /><BR />Secondary Switch Management RADIUS server: Status is Active<BR /> host name :<BR /> IP address : 192.168.1.101<BR /> Server IP Port: 1812<BR /> Client address: 192.168.1.1 (VR-Default)<BR /> Retries : 3 *<BR /> Timeout : 3 *<BR /> shared secret : #$JxV/rt7kEyedqcs23mzy3LBwXaPJIw==<BR />Access Requests : 12 Access Accepts : 0<BR />Access Rejects : 0 Access Challenges : 0<BR />Access Retransmits: 12 Client timeouts : 12<BR />Bad authenticators: 0 Unknown types : 0<BR />Round Trip Time : 0<BR /><BR />Primary Netlogin RADIUS server: Status is Active<BR /> host name :<BR /> IP address : 192.168.1.102<BR /> Server IP Port: 1812<BR /> Client address: 192.168.1.1 (VR-Default)<BR /> Retries : 3 *<BR /> Timeout : 3 *<BR /> shared secret : #$e9OdqIFaHYGPuQcHF3wdhaZCsvWB5Q==<BR />Access Requests : 0 Access Accepts : 0<BR />Access Rejects : 0 Access Challenges : 0<BR />Access Retransmits: 0 Client timeouts : 0<BR />Bad authenticators: 0 Unknown types : 0<BR />Round Trip Time : 0<BR /><BR />Secondary Netlogin RADIUS server: Status is Active<BR /> host name :<BR /> IP address : 192.168.1.101<BR /> Server IP Port: 1812<BR /> Client address: 192.168.1.1 (VR-Default)<BR /> Retries : 3 *<BR /> Timeout : 3 *<BR /> shared secret : #$jcBzMhO5yJzEuzDJ8M5mt8h3g0Wjvw==<BR />Access Requests : 0 Access Accepts : 0<BR />Access Rejects : 0 Access Challenges : 0<BR />Access Retransmits: 0 Client timeouts : 0<BR />Bad authenticators: 0 Unknown types : 0<BR />Round Trip Time : 0<BR /><BR />Legend: An asterisk (*) indicates a global value is in use.<BR /></PRE></DIV> Tue, 21 May 2019 18:35:33 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/exos-does-not-attempt-radius-authentication-with-secondary/m-p/85667#M20609 johnwcalder 2019-05-21T18:35:33Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/exos-does-not-attempt-radius-authentication-with-secondary/m-p/85668#M20610 Hi John,<BR /> <BR /> Just to make sure - what version of EXOS do you use for your production and GNS3 testing?<BR /> Is it ok for you to share the output of 'show configuration aaa'?<BR /> <BR /> Kind regards,<BR /> Tomasz Wed, 22 May 2019 01:39:33 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/exos-does-not-attempt-radius-authentication-with-secondary/m-p/85668#M20610 Tomasz 2019-05-22T01:39:33Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/exos-does-not-attempt-radius-authentication-with-secondary/m-p/85669#M20611 Hi John,<BR /> <BR /> What is the EXOS version? As there is a known bug for that in prior EXOS 16.1 version.<BR /> <BR /> Regards,<BR /> David Wed, 22 May 2019 08:51:18 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/exos-does-not-attempt-radius-authentication-with-secondary/m-p/85669#M20611 David_Choi 2019-05-22T08:51:18Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/exos-does-not-attempt-radius-authentication-with-secondary/m-p/85670#M20612 I was able to resolve the issue. In the production environment, it turned out that there was a second firewall that had to be configured to allow traffic to the secondary server. In the GNS3 simulation I have no idea what happened but I rebuilt it and it also works there now. I am aware of that bug but I was using later versions of EXOS. Thu, 23 May 2019 14:24:48 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/exos-does-not-attempt-radius-authentication-with-secondary/m-p/85670#M20612 johnwcalder 2019-05-23T14:24:48Z