- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: HP 2650 and multiple radius servers
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-19-2008 07:07 AM
тАО05-19-2008 07:07 AM
HP 2650 and multiple radius servers
I tried this:
radius-server host 172.16.x.y mykey
radius-server host 172.16.x.z mykey
When I turned off .x.y at 10:00 PM, no systems tried to authenticate with .x.z the next morning. I had to turn back on the radius service on .x.y in order for systems to connect to the network again.
Any suggestions would be greatly appreciated.
Thanks,
-John
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-19-2008 07:59 AM
тАО05-19-2008 07:59 AM
Re: HP 2650 and multiple radius servers
can you make multiple IAS server configuration
on your servers
http://technet2.microsoft.com/windowsserver/en/library/39af9f9e-cb80-440a-ab62-d4a8ce04e4c91033.mspx?mfr=true
cenk
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-19-2008 09:00 AM
тАО05-19-2008 09:00 AM
Re: HP 2650 and multiple radius servers
I am using two FreeRadius.net servers, both on top of Windows 2003. I could use ISA, but I don't think this is the problem.
The problem is that .x.z never gets queried as if the 2650 does not even try to send an allow access request.
Any ideas on how to get the 2650 to fail-over and send requests to x.z if x.y fails and/or times out?
Thanks,
-John
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-19-2008 09:44 AM
тАО05-19-2008 09:44 AM
Re: HP 2650 and multiple radius servers
I in this day test two microsoft IAS radius server and 2650 switch .my test successfully working
please send me your all switch log when first radius server down.
cenk
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-19-2008 09:46 AM
тАО05-19-2008 09:46 AM
Re: HP 2650 and multiple radius servers
please send me your 2650 show run print
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-19-2008 10:31 AM
тАО05-19-2008 10:31 AM
Re: HP 2650 and multiple radius servers
Thanks for helping me,
-John
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-19-2008 11:13 AM
тАО05-19-2008 11:13 AM
Re: HP 2650 and multiple radius servers
1) yes, you can support up to 3 radius servers on a 2650...
2) in your 'show run' i did not see a command that allows the switch to send the 802.1x auth functions to the radius servers...it may have been simply edited out when you did the edits...
it should be something like this:
'aaa authentication port-access eap-radius'
3) i assume in each of the freeradius server configs (Clients.conf) you have defined the 2650 as a radius client with the same shared secret...
4) on radius server x.z, if you looked at the /var/log/radius/radius.log did you see requests coming from the 2650?
5) finally, if you remove the x.y radius server config in the 2650, does it work?
'no radius-server host 172.16.x.y mykey'
hth...jeff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-19-2008 11:42 AM
тАО05-19-2008 11:42 AM
Re: HP 2650 and multiple radius servers
attach your config
(config)#aaa authentication port-access eap radius
(config)#aaa accounting network star-stop radius
and primary radius server down you make wait several minute
cenk
Determine an acceptable timeout period for the switch to wait for a server to respond to a request. ProCurve recommends that you begin with the default (five seconds).
├в ┬в
Determine how many times you want the switch to try contacting a RADIUS server before trying another RADIUS server or quitting. (This depends on how many RADIUS servers you have configured the switch to access.)
├в ┬в
Determine whether you want to bypass a RADIUS server that fails to respond to requests for service. To shorten authentication time, you can set a bypass period in the range of 1 to 1440 minutes for non-responsive servers. This requires that you have multiple RADIUS servers accessible for service requests
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-19-2008 11:46 AM
тАО05-19-2008 11:46 AM
Re: HP 2650 and multiple radius servers
ftp://ftp.hp.com/pub/networking/software/Security-Oct2005-59906024-Chap05-RADIUS.pdf
and update your switch H_10_50.swi
cenk
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-11-2013 08:48 AM
тАО04-11-2013 08:48 AM
Re: HP 2650 and multiple radius servers
Hello all, Cenk, i've read through the document you recommended, just wanted to know do you HAVE to configure the dead timer and retransmit options to allow multiple RADIUS servers to be used?
I am attempting to use 2 RADIUS servers for 802.1x port authentication, they both work individually, but when i enter two different entries for radius-server host x.x.x.x key ZZZyy, only the first one works.
The real difficulty i am having is that seperately, when there is only one radius server entry, everything works, ports are authenticated successfully. Tried configuring dead timer also, and after the timer expires in the switch logs i can see requests are no longer being sent to that server, and they are being sent to the other server instead, but still not authenticating.
Any help is appreciated.