same server for the start and stop record for a session regardless of the server cost. When using the preferred
server setting, ensure that the server that is used for the initial transaction (for example, authentication), the
preferred server, is part of any other server group that is used for a subsequent transaction (for example,
accounting).
The preferred server is not used if one of the following criteria is true:
•
The
load-balance method least-outstanding ignore-preferred-server
command is used.
•
The preferred server is dead.
•
The preferred server is in quarantine.
•
The want server flag has been set, overriding the preferred server setting.
The want server flag, an internal setting, is used when the same server must be used for all stages of a multistage
transaction regardless of the server cost. If the want server is not available, the transaction fails.
You can use the
load-balance method least-outstanding ignore-preferred-server
command if you have
either of the following configurations:
•
Dedicated authentication server and a separate dedicated accounting server
•
Network where you can track all call record statistics and call record details, including start and stop
records and records that are stored on separate servers
If you have a configuration where authentication servers are a superset of accounting servers, the preferred
server is not used.
RADIUS Server Status and Automated Testing
The RADIUS Server Load Balancing feature considers the server status when assigning batches. Transaction
batches are sent only to live servers. We recommend that you test the status of all RADIUS load-balanced
servers, including low usage servers (for example, backup servers).
Transactions are not sent to a server that is marked dead. A server is marked dead until its timer expires, at
which time it moves to quarantine state. A server is in quarantine until it is verified alive by the RADIUS
automated tester functionality.
To determine if a server is alive and available to process transactions, the RADIUS automated tester sends a
request periodically to the server for a test user ID. If the server returns an Access-Reject message, the server
is alive; otherwise the server is either dead or quarantined.
A transaction sent to an unresponsive server is failed over to the next available server before the unresponsive
server is marked dead. We recommend that you use the retry reorder mode for failed transactions.
When using the RADIUS automated tester, verify that the authentication, authorization, and accounting (AAA)
servers are responding to the test packets that are sent by the network access server (NAS). If the servers are
not configured correctly, packets may be dropped and the server erroneously marked dead.
We recommend that you use a test user that is not defined on the RADIUS server for the RADIUS server
automated testing to protect against security issues that may arise if the test user is not correctly configured.
Caution
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
947
Information About RADIUS Server Load Balancing
Summary of Contents for Catalyst 2960 Series
Page 96: ......
Page 196: ......
Page 250: ......
Page 292: ......
Page 488: ......
Page 589: ...P A R T VI Cisco Flexible NetFlow Configuring NetFlow Lite page 509 ...
Page 590: ......
Page 619: ...P A R T VII QoS Configuring QoS page 539 Configuring Auto QoS page 645 ...
Page 620: ......
Page 750: ......
Page 1604: ......
Page 1740: ......
Page 2105: ...P A R T XII Configuring Cisco IOS IP SLAs Configuring Cisco IP SLAs page 2025 ...
Page 2106: ......
Page 2118: ......
Page 2164: ......