Example: Configuring The Preferred Server With The Same Authentication And Authorization Server - Cisco Catalyst 2960 series Configuration Manual
Consolidated platform configuration guide, ios release 15.2(4)e
Hide thumbs
Also See for Catalyst 2960 series:
- Software configuration manual (980 pages) ,
- Command reference manual (800 pages) ,
- Configuration manual (120 pages)
Table of Contents
Advertisement
Example: Configuring the Preferred Server with the Same Authentication and Authorization
Server
The following example shows an authentication server group and an authorization server group that use the
same servers 209.165.200.225 and 209.165.200.226. Both server groups have the preferred server flag enabled.
aaa group server radius authentication-group
server 209.165.200.225 key radkey1
server 209.165.200.226 key radkey2
aaa group server radius accounting-group
server 209.165.200.225 key radkey1
server 209.165.200.226 key radkey2
When a preferred server is selected for a session, all transactions for that session will continue to use the
original preferred server. The servers 209.165.200.225 and 209.165.200.226 are load balanced based on
sessions rather than transactions.
Example: Configuring the Preferred Server with Different Authentication and Authorization
Servers
The following example shows an authentication server group that uses servers 209.165.200.225 and
209.165.200.226 and an authorization server group that uses servers 209.165.201.1 and 209.165.201.2. Both
server groups have the preferred server flag enabled.
aaa group server radius authentication-group
server 209.165.200.225 key radkey1
server 209.165.200.226 key radkey2
aaa group server radius accounting-group
server 209.165.201.1 key radkey3
server 209.165.201.2 key radkey4
The authentication server group and the accounting server group do not share any common servers. A preferred
server is never found for accounting transactions; therefore, authentication and accounting servers are
load-balanced based on transactions. Start and stop records are sent to the same server for a session.
Example: Configuring the Preferred Server with Overlapping Authentication and Authorization
Servers
The following example shows an authentication server group that uses servers 209.165.200.225,
209.165.200.226, and 209.165.201.1 and an accounting server group that uses servers 209.165.201.1 and
209.165.201.2. Both server groups have the preferred server flag enabled.
aaa group server radius authentication-group
server 209.165.200.225 key radkey1
server 209.165.200.226 key radkey2
server 209.165.201.1 key radkey3
aaa group server radius accounting-group
server 209.165.201.1 key radkey3
server 209.165.201.2 key radkey4
If all servers have equal transaction processing capability, one-third of all authentication transactions are
directed toward the server 209.165.201.1. Therefore, one-third of all accounting transactions are also directed
toward the server 209.165.201.1. The remaining two-third of accounting transactions are load balanced equally
between servers 209.165.201.1 and 209.165.201.2. The server 209.165.201.1 receives fewer authentication
transactions because the server 209.165.201.1 has outstanding accounting transactions.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
Configuration Examples for RADIUS Server Load Balancing
957
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
