28
Setting the status of RADIUS servers
To control the RADIUS servers with which the device communicates when the current servers are no
longer available, set the status of RADIUS servers to blocked or active. You can specify one primary
RADIUS server and multiple secondary RADIUS servers. The secondary servers act as the backup
of the primary server.
When the RADIUS server load sharing feature is enabled, the device distributes the workload over
all servers without considering the primary and secondary server roles. The device checks the
weight value and number of currently served users for each active server, and then determines the
most appropriate server in performance to receive an AAA request.
When the RADIUS server load sharing is disabled, the device chooses servers based on the
following rules:
• When the primary server is in active state, the device communicates with the primary server.
• If the primary server fails, the device performs the following operations:
ï‚¡ Changes the server status to blocked.
ï‚¡ Starts a quiet timer for the server.
ï‚¡ Tries to communicate with a secondary server in active state that has the highest priority.
• If the secondary server is unreachable, the device performs the following operations:
ï‚¡ Changes the server status to blocked.
ï‚¡ Starts a quiet timer for the server.
ï‚¡ Tries to communicate with the next secondary server in active state that has the highest
priority.
• The search process continues until the device finds an available secondary server or has
checked all secondary servers in active state. If no server is available, the device considers the
authentication or accounting attempt a failure.
• When the quiet timer of a server expires or you manually set the server to the active state, the
status of the server changes back to active. The device does not check the server again during
the authentication or accounting process.
• When you remove a server in use, communication with the server times out. The device looks
for a server in active state by first checking the primary server, and then checking secondary
servers in the order they are configured.
• When the primary server and secondary servers are all in blocked state, the device tries to
communicate with the primary server.
• When one or more servers are in active state, the device tries to communicate with these active
servers only, even if the servers are unavailable.
• When a RADIUS server's status changes automatically, the device changes this server's status
accordingly in all RADIUS schemes in which this server is specified.
• When a RADIUS server is manually set to blocked, server detection is disabled for the server,
regardless of whether a test profile has been specified for the server. When the RADIUS server
is set to active state, server detection is enabled for the server on which an existing test profile
is specified.
By default, the device sets the status of all RADIUS servers to active. However, in some situations,
you must change the status of a server. For example, if a server fails, you can change the status of
the server to blocked to avoid communication attempts to the server.
To set the status of RADIUS servers:
1. Enter system view.
system-view
N/A
2. Enter RADIUS scheme
view.
radius scheme
radius-scheme-name N/A
To Next Page
Loading...
Need help?
General