Client authentication traffic is not going to the RADIUS server I would expect it to

  • RADIUS traffic is going to the Backup server not the Primary
  • My Primary RADIUS server is back online after an outage but RADIUS packets are still going to the Backup 
  • Users are failing to authenticate because traffic is going to the wrong RADIUS server
  • IdentiFi
  • Firmware 9.15.x
  • Round-Robin
  • Primary-Backup
The system is configured to use RADIUS Round-Robin.

In firmware 9.15.x the administrator can select between two methods: the existing Round-Robin or the new Primary-Backup. The setting applies only to authentication, not to accounting. You can find these settings in the controller's GUI under VNS-->Global--->Authentication--->

Round-Robin (existing method):

At start up, the first configured server is selected as the active server. When the current active server goes down, the next server is selected as the active server. The original active server is not polled, even after it comes back. It will not be selected again as the active server until the backup goes down.

Primary-Backup (new in 9.15.x code):

At start up, the first configured server is selected as the Primary server. When the Primary server goes down, the next available server is selected as the VNS's active RADIUS server and receives the access-request packets. In the meantime, the controller sends polling packets, either access-request or RFC 5997 Status-Server requests, to the Primary server. When the Primary server comes back, the controller sends new access-request packets to the Primary server and stops sending polling packets. The polling mechanism and timeout are configured under the Health Monitoring section. In the GUI go to VNS--->Global, then select the RADIUS server to be configured.

How does this function work?

  1. The Primary server is down and it is time to health poll (more than the configured Test Request Timeout has elapsed). The first wireless client comes in; its request is sent to the Primary server.

  2. The second wireless client comes in while the Primary server is in PENDING; its traffic is sent to the Backup server immediately.

  3. The response from the Primary server is received and its state is set to UP. The second wireless client's pending authentication is not cancelled and is not switched to the Primary server; it is left to run to completion.

  4. The third wireless client comes in; the Primary server is UP, so its request is sent to the Primary server.

  5. The response from the Backup server is received for the second wireless client.

  6. The response from the Primary server is received for the third wireless client.
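
The following Python model is an added example, not controller code: it replays the steps above against both methods so the difference after the Primary recovers is visible. The class names, the `replay` helper, the server labels and the timings are assumptions made for illustration.

```python
# Added illustration of the two RADIUS selection methods described above.
# Class, method and state names are assumptions, not the controller's code.
class RoundRobin:
    def __init__(self, servers):
        self.servers, self.active = list(servers), 0

    def pick(self, now=None):
        return self.servers[self.active]          # earlier servers are never polled

    def on_timeout(self, server, now=None):
        if server == self.servers[self.active]:   # advance only when active fails
            self.active = (self.active + 1) % len(self.servers)

    def on_response(self, server):
        pass                                      # a recovered server is not re-selected

class PrimaryBackup:
    def __init__(self, servers, test_request_timeout):
        self.primary, self.backup = servers[0], servers[1]
        self.state, self.down_since = "UP", None  # UP, DOWN or PENDING
        self.poll_after = test_request_timeout

    def pick(self, now):
        if self.state == "UP":
            return self.primary
        if self.state == "DOWN" and now - self.down_since > self.poll_after:
            self.state = "PENDING"                # step 1: this request is the poll
            return self.primary
        return self.backup                        # step 2: DOWN or PENDING

    def on_timeout(self, server, now):
        if server == self.primary:                # also covers a failed poll
            self.state, self.down_since = "DOWN", now

    def on_response(self, server):
        if server == self.primary:                # step 3: requests already sent
            self.state = "UP"                     # to the Backup are left to finish

def replay(selector):
    """Constructed timeline: Primary fails at t=0 and is reachable again by t=40."""
    sent = [selector.pick(0)]                     # request that hits the dead Primary
    selector.on_timeout(sent[0], 0)
    sent.append(selector.pick(10))                # before the poll interval elapses
    sent.append(selector.pick(40))                # first client (step 1)
    sent.append(selector.pick(41))                # second client (step 2)
    selector.on_response(sent[2])                 # step 3
    sent.append(selector.pick(42))                # third client (step 4)
    return sent
```

Under Round-Robin the replay ends with every request still going to the Backup, which is the symptom this article describes; under Primary-Backup the last request returns to the Primary.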

