Creating Server Groups; Ordering Server Groups; Configuring Load Balancing - Nortel 2360 Configuration Manual

568 Configuring communication with RADIUS

Creating server groups

To create a server group, you must first configure the RADIUS servers with their addresses and any optional parameters.
After configuring RADIUS servers, type the following command:
set server group group-name members server-name1 [server-name2] [server-name3]
[server-name4]
For example, to create a server group called shorebirds with the RADIUS servers heron, egret, and sandpiper, type the
following commands:
WSS# set radius server egret address 192.168.253.1 key apple
WSS# set radius server heron address 192.168.253.2 key pear
WSS# set radius server sandpiper address 192.168.253.3 key plum
WSS# set server group shorebirds members egret heron sandpiper
In this example, a request to shorebirds results in the RADIUS servers being contacted in the order that they are listed in
the server group configuration, first egret, then heron, then sandpiper. You can change the RADIUS servers in server
groups at any time. (See "Adding members to a server group" (page
Note.
Any RADIUS servers that do not respond are marked dead (unavailable) for a
period of time. The unresponsive server is skipped over, as though it did not exist, during its
dead time. Once the dead time elapses, the server is again a candidate for receiving
requests. To change the default dead-time timer, use the set radius or set radius server
command.

Ordering server groups

You can configure up to four methods for authentication, authorization, and accounting (AAA). AAA methods can be
the local database on the WSS and/or one or more RADIUS server groups. You set the order in which the WSS attempts
the AAA methods by the order in which you enter the methods in CLI commands.
In most cases, if the first method results in a pass or fail, the evaluation is final. If the first method does not respond or
results in an error, the WSS tries the second method and so on.
However, if the local database is the first method in the list, followed by a RADIUS server group, the WSS responds to a
failed search of the database by sending a request to the following RADIUS server group. This exception is called local
override.
For more information, see

Configuring load balancing

You can configure the WSS to distribute authentication requests across RADIUS servers in a server group, which is
called load balancing. Distributing the authentication process across multiple RADIUS servers significantly reduces the
load on individual servers while increasing resiliency on a systemwide basis.
NN47250-500 (320657-F Version 02.01)
"AAA methods for IEEE 802.1X and Web network access" (page
569).)
477).