
Multiple RADIUS servers for 802.1x authentication

 
Taib-Tech
Occasional Contributor


I am attempting to use 2 RADIUS servers for 802.1x port authentication on a ProCurve 2500 switch. They both work individually, but when I enter two different entries for radius-server host x.x.x.x key ZZZyy, only the first one works.

The real difficulty I am having is that separately, when there is only one RADIUS server entry, everything works, ports are authenticated successfully. Tried configuring dead timer also, and after the timer expires in the switch logs I can see requests are no longer being sent to that server, and they are being sent to the other server instead, but still not authenticating.

I know the switch can support up to 3 RADIUS servers (1 primary and 2 backup), but just can't get them to fail over when the first RADIUS server fails.

 

Any help is appreciated.

 
Chrisd131313
Trusted Contributor

Re: Multiple RADIUS servers for 802.1x authentication

Hi Taib-Tech,

 

I had the same issue as you and came across this note in the "Switch Management and Configuration Guide"...

 

NOTE: Because of an inconsistency between the Windows XP 802.1x supplicant timeout value
and the switch default timeout value, which is 5, when adding a backup RADIUS server, set the
switch radius-server timeout value to 4. Otherwise, the switch may not failover properly to the
backup RADIUS server.

 

This may fix your problem. I have implemented the change and will see if it helps me. Unfortunately I don't have a full test environment, so I need to test in live :( It could take some time to get the results.

 

HTH

-----------------------------------------------------

Don't forget to mark a post resolved if your question was answered.