Remove From My Forums

how to make two radius server , one is for backup server ?

Question
0

Sign in to vote
how to make two radius server cluster?, one is for backup server ? one active and one backup?

can it load balancing ? if so, how?

how to set configuration of cisco network device to use two radius server

conf t
aaa new-model
!
aaa group server radius IAS
server 192.168.1.1 auth-port 1812 acct-port 1813
!
aaa authentication login userAuthentication local group IAS
aaa authorization exec userAuthorization local group IAS if-authenticated
aaa authorization network userAuthorization local group IAS
aaa accounting exec default start-stop group IAS
aaa accounting system default start-stop group IAS
!
radius-server host 192.168.1.1 auth-port 1645 acct-port 1646 key noc456noc
radius-server host 192.168.1.1 auth-port 1812 acct-port 1813 key noc456noc
!
privilege exec level 1 show config
!
ip radius source-interface Fa0/23
!
line vty 0 4
authorization exec userAuthorization
login authentication userAuthentication
transport input telnet
!
line vty 5 15
authorization exec userAuthorization
login authentication userAuthentication
transport input telnet
end

computing nightmare
- Edited by Map to new space Monday, May 4, 2015 8:46 AM
Monday, May 4, 2015 7:07 AM

Answers

0

Sign in to vote
>i add second raidus server in remote Radius server group ,yes correct

>need to add first raidus server ....yes

>need to copy to second... you need to configure each raidus server on server group

Check this article about the subject;(Also explan load balacing and Proxy)

https://msdn.microsoft.com/en-us/library/cc754518.aspx
- Proposed as answer by Eve WangMicrosoft contingent staff Thursday, May 21, 2015 8:13 AM
- Marked as answer by Eve WangMicrosoft contingent staff Monday, May 25, 2015 9:27 AM
Monday, May 4, 2015 10:58 AM
0

Sign in to vote
Hi,

To provide fault tolerance for RADIUS-based authentication and accounting, use at least two NPS servers. One NPS server is used as the primary RADIUS server and the other is used as a backup. Each RADIUS client is then configured on both NPS servers. If the primary NPS server becomes unavailable, RADIUS clients then send Access-Request messages to the alternate NPS server.

If RADIUS client can be configured with only one RADIUS server, then, use RADIUS proxy to forward request to other RADIUS servers.

More information about RADIUS and RAIDUS proxy, just for your reference:
Components of a RADIUS Infrastructure
https://technet.microsoft.com/en-us/library/dd197429(v=ws.10).aspx

Planning NPS as a RADIUS proxy
https://technet.microsoft.com/en-us/library/dd197525%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

Best Regards,
Eve Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
- Proposed as answer by Eve WangMicrosoft contingent staff Thursday, May 21, 2015 8:12 AM
- Marked as answer by Eve WangMicrosoft contingent staff Monday, May 25, 2015 9:27 AM
Tuesday, May 5, 2015 7:51 AM

All replies

0

Sign in to vote

Hi

at the Begining,NPS(Radius) could not run in a server cluster.

You could configure 2 different nps server for different specs;

check this detailed article;

https://technet.microsoft.com/en-us/library/hh831683.aspx

Monday, May 4, 2015 8:57 AM
0

Sign in to vote

it mentioned to use multiple radius server need to use radius proxy

i add second radius server in remote radius server group, is it correct configuration

do i need to add first radius server in radius server group?

do i need to need to copy configuration to second NPS to configure again?
computing nightmare

Monday, May 4, 2015 10:43 AM
0

Sign in to vote
>i add second raidus server in remote Radius server group ,yes correct

>need to add first raidus server ....yes

>need to copy to second... you need to configure each raidus server on server group

Check this article about the subject;(Also explan load balacing and Proxy)

https://msdn.microsoft.com/en-us/library/cc754518.aspx
- Proposed as answer by Eve WangMicrosoft contingent staff Thursday, May 21, 2015 8:13 AM
- Marked as answer by Eve WangMicrosoft contingent staff Monday, May 25, 2015 9:27 AM
Monday, May 4, 2015 10:58 AM
0

Sign in to vote
Hi,

To provide fault tolerance for RADIUS-based authentication and accounting, use at least two NPS servers. One NPS server is used as the primary RADIUS server and the other is used as a backup. Each RADIUS client is then configured on both NPS servers. If the primary NPS server becomes unavailable, RADIUS clients then send Access-Request messages to the alternate NPS server.

If RADIUS client can be configured with only one RADIUS server, then, use RADIUS proxy to forward request to other RADIUS servers.

More information about RADIUS and RAIDUS proxy, just for your reference:
Components of a RADIUS Infrastructure
https://technet.microsoft.com/en-us/library/dd197429(v=ws.10).aspx

Planning NPS as a RADIUS proxy
https://technet.microsoft.com/en-us/library/dd197525%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

Best Regards,
Eve Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
- Proposed as answer by Eve WangMicrosoft contingent staff Thursday, May 21, 2015 8:12 AM
- Marked as answer by Eve WangMicrosoft contingent staff Monday, May 25, 2015 9:27 AM
Tuesday, May 5, 2015 7:51 AM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

how to make two radius server , one is for backup server ?

Question

Answers

All replies