
IDM Query - What happens to user access if server is down?

Jason Scott
Regular Advisor

We're investigating deploying IDM but I'm curious to understand what happens to user access if IDM is unavailable?

I've downloaded and skim read the manual but not found anything to answer my question currently.

Thanks in advance.
Jeff Carrell
Honored Contributor

Re: IDM Query - What happens to user access if server is down?

in order to use IDM, you must have an 802.1X "system" running - the switch(es) must be configured for 802.1X, a radius server is needed for user authentication and a user database for radius to verify the user credentials, and a PCM+ server...

IDM is actually made up of 2 components:

1) the IDM server function which runs on the PCM+ server...IDM here is the policy creator and manager...and you can get user status on the IDM server, not required but great knowledge of who's "on" the network...

2) then there is the IDM agent which runs in the radius server...when you create a policy in IDM, you "deploy" the policy(s) from IDM to the IDM agent...

the IDM agent sees the radius authentication reply destined for the switch, intercepts that reply and modifies the auth reply based on the policy(s) for that user and then sends it to the switch...

if the PCM+/IDM server goes down, as long as you didn't need to make policy changes, there is no problem for users to try to authenticate to the network...remember the IDM server function is only policy create/manage...

if the radius server goes down, then you can't do any user authentication at all, therefore you also don't get the IDM policy applied as well...

so, you should have 2 radius servers in the network for the redundancy function...

btw, the IDM agent only works on a few radius server platforms: w2k3-ias, w2k8-nap, redhat linux and suse linux...

this may have been more info than you needed, but hopefully it will help :-)
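
The dependency chain described in the answer above, as an added Python model that is not part of the original post and is not HP's code. The class names, the `vlan` attribute and the sample user are constructed for illustration; the model assumes the switch tries its configured RADIUS servers in order.

```python
from dataclasses import dataclass, field

@dataclass
class RadiusServer:
    """RADIUS server with a co-located IDM agent holding the deployed policies."""
    name: str
    users: dict                                   # username -> password (constructed)
    deployed: dict = field(default_factory=dict)  # agent's local copy of policies
    up: bool = True

    def authenticate(self, user, password):
        if not self.up:
            raise TimeoutError(self.name)         # the switch gets no reply at all
        if self.users.get(user) != password:
            return {"code": "Access-Reject"}
        reply = {"code": "Access-Accept"}
        reply.update(self.deployed.get(user, {})) # agent modifies the auth reply
        return reply

@dataclass
class IdmServer:
    """Policy create/manage function on the PCM+ server; not in the auth path."""
    policies: dict
    up: bool = True

    def deploy(self, servers):
        if not self.up:
            raise ConnectionError("IDM server down: policy changes cannot be deployed")
        for server in servers:
            server.deployed = dict(self.policies)

def switch_login(servers, user, password):
    """Try each configured RADIUS server in order, as a switch with two servers would."""
    for server in servers:
        try:
            return server.authenticate(user, password)
        except TimeoutError:
            continue
    return {"code": "No-Response"}  # no authentication, so no IDM policy either

def failure_matrix():
    idm = IdmServer({"alice": {"vlan": 20}})      # hypothetical policy
    r1 = RadiusServer("radius1", {"alice": "pw"})
    r2 = RadiusServer("radius2", {"alice": "pw"})
    idm.deploy([r1, r2])
    idm.up = False                                # PCM+/IDM server outage
    idm_down = switch_login([r1, r2], "alice", "pw")
    r1.up = False                                 # first RADIUS server outage
    one_radius_down = switch_login([r1, r2], "alice", "pw")
    r2.up = False                                 # both RADIUS servers down
    all_radius_down = switch_login([r1, r2], "alice", "pw")
    return idm_down, one_radius_down, all_radius_down
```
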

Jason Scott
Regular Advisor

Re: IDM Query - What happens to user access if server is down?

That's great, thanks Jeff! The more information the better. We have two Win2k3 IAS servers already running for our Aruba wireless system so I'm thinking they could be used for LAN-based 802.1x as well.

Thanks again!