• Secondary Server: If you have a secondary RADIUS server on the network that you want
to use as a backup, select the Enable Secondary Server check box, and then configure
the settings below.
• Automatic Fallback Disable: By default, when a secondary RADIUS server is enabled
and the primary RADIUS server becomes unavailable, the secondary server takes over
the handling of RADIUS requests. When the primary server becomes available again, it
takes back control over RADIUS requests from the secondary server.
If you want to prevent the primary server from retaking control over RADIUS requests from
the secondary server, select the Automatic Fallback Disable check box.
• IP Address: Type the IP address of the secondary AAA server.
• Port: Type the port number of the secondary AAA server port number. The default RADIUS
server port number is 1812 and the default RADIUS Accounting server port number is
1813.
• Shared Secret: Type the AAA shared secret.
• Confirm Secret: Retype the shared secret to confirm.
• Health Check Policy: These options define the health monitoring settings of the primary and
secondary RADIUS servers, when the controller is configured as RADIUS proxy for RADIUS
Authentication and Accounting messages.
• Response Window: Set the time (in seconds) after which, if the AAA server does not
respond to a request, the controller will initiate the “zombie period” (see below). If the
primary AAA server does not respond to RADIUS messages sent after Response Window
expires, the controller will forward the retransmitted RADIUS messages to the secondary
AAA server. Note that the zombie period is not started immediately after the Response
Window expires, but after the configured Response Window plus ¼ of the configured
Zombie Period. The default Response Window is 20 seconds.
• Zombie Period: Set the time (in seconds) after which, if the AAA server does not respond
to ANY packets during the zombie period, it will be considered to inactive or unreachable.
An AAA server that is marked “zombie” (inactive or unreachable) will be used for proxying
with a low priority. If there are other live AAA servers, the controller will attempt to use
these servers first instead of the zombie AAA server. The controller will only proxy requests
to a zombie server only when there are no other live servers. Any request that is proxied
to an AAA server will continue to be sent to that AAA server until the home server is marked
inactive or unreachable. At that point, the request will fail over to another server, if a live
AAA server is available. The default Zombie Period is 40 seconds.
• Revive Interval: Set the time (in seconds) after which, if no RADIUS messages are proxied
to the AAA server after it has been marked as inactive or unreachable, the controller will
mark the AAA server as active again (and assume that it has become reachable again).
The default Revive Interval is 120 seconds.
• No Response Fail: Click Yes to respond with a reject message to the NAS if no response
is received from the RADIUS server. Click No to skip sending a response.
NOTE: To ensure that the RADIUS failover mechanism functions correctly, either accept
the default values for the Response Window, Zombie Period, and Revive Interval, or
make sure that the value for Response Window is always higher than the value for RADIUS
NAS request timeout multiplied by the value for RADIUS NAS max number of retries. For
SmartCell Gateway 200/Virtual SmartZone High-Scale for Release 3.4.1 Administrator Guide
155
Configuring Services and Profiles
Configuring Authentication Services
To Next Page
Loading...
