Client authentication traffic is not going to the RADIUS server I would expect it to

Symptoms
  • RADIUS traffic is going to the Backup server not the Primary
  • My Primary RADIUS server is back online after an outage but RADIUS packets are still going to the Backup 
  • Users are failing to authenticate because traffic is going to the wrong RADIUS server
Environment
  • IdentiFi
  • Firmware 9.15.x
  • RADIUS
  • Round-Robin
  • Primary-Backup
Cause
The system is configured to use RADIUS Round-Robin.
Resolution

In firmware 9.15.x the administrator can select between two methods: the existing Round-Robin or the new Primary-Backup. This applies only to Authentication, not to Accounting. You can find these settings in the controller's GUI under VNS --> Global --> Authentication.

Round-Robin (default/legacy):
At start up, the first server configured is selected as the active server. When the current active server goes down, the next server is selected as active server. There will be no polling for the original active server, even when the original active server comes back. It will not be selected again as the active server until the backup goes down.
 
Primary-Backup (new in 9.15.x code): 

At start up, the first server configured is selected as the Primary server. When the Primary server goes down, the next available server is selected as the VNS's active RADIUS server to send access-request packets to. In the meantime, the controller sends polling packets to the Primary server. When the Primary server comes back, the controller uses the Primary server for new access-request packets and stops sending polling packets.

How does this function work?

  1. The Primary server is down and it is time for a health poll. The first wireless client comes in, and its request is tried against the Primary server.

  2. The second wireless client comes in while the Primary server is in PENDING, so its traffic is sent to the Backup server immediately.

  3. A response is received from the Primary server, so its state is set to UP. The pending authentication of the second wireless client is not cancelled and moved to the Primary server; it is allowed to run to completion.

  4. The third wireless client comes in. The Primary server is UP, so its request is sent to the Primary server.

  5. The response for the second wireless client is received from the Backup server.

  6. The response for the third wireless client is received from the Primary server.
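
An added Python sketch, not controller firmware or vendor code, that models the two selection modes and replays the six steps above against each. Class and method names are hypothetical, and it assumes the first client's access-request serves as the health probe to the Primary server.

```python
UP, DOWN, PENDING = "UP", "DOWN", "PENDING"  # PENDING: probe sent, no reply yet

class RoundRobin:
    """Legacy mode: move to the next server only when the active one fails."""
    def __init__(self, servers):
        self.servers, self.active = list(servers), 0
    def server_failed(self, name):
        if self.servers[self.active] == name:
            self.active = (self.active + 1) % len(self.servers)
    def pick(self, client):
        return self.servers[self.active]  # a recovered server is never re-polled

class PrimaryBackup:
    """Primary-Backup mode, following the six steps listed above."""
    def __init__(self, primary, backup):
        self.primary, self.backup = primary, backup
        self.state, self.poll_due, self.in_flight = UP, False, {}
    def server_failed(self, name):
        if name == self.primary:
            self.state = DOWN
    def poll_timer(self):
        self.poll_due = self.state == DOWN
    def pick(self, client):
        if self.state == UP:
            server = self.primary  # step 4
        elif self.state == DOWN and self.poll_due:
            # Step 1 (assumption: this client's request doubles as the probe)
            self.state, self.poll_due, server = PENDING, False, self.primary
        else:
            server = self.backup  # step 2: DOWN or PENDING goes to Backup
        self.in_flight[client] = server
        return server
    def reply(self, client):
        server = self.in_flight.pop(client)  # steps 5-6: reply comes from the server used
        if server == self.primary and self.state == PENDING:
            self.state = UP  # step 3: requests already in flight are left alone
        return server

def replay(sel):
    """Constructed scenario: Primary fails and recovers while three clients arrive."""
    sel.server_failed("primary")
    getattr(sel, "poll_timer", lambda: None)()  # health-poll interval elapses
    picks = [sel.pick("client1"), sel.pick("client2")]
    getattr(sel, "reply", lambda c: None)("client1")  # recovered Primary answers
    picks.append(sel.pick("client3"))
    return picks
```

Replaying the same scenario through `RoundRobin(["primary", "backup"])` keeps every client on the Backup server, which is the symptom this article describes.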


     
