NPS with NLB

    Question

  • I am trying to leverage network load balancing (NLB) with my network policy servers (NPS). When I set up the NLB on 2 of the NPS servers, I am able to browse to the drives and ping to the VIP address -OR- the individual addresses of the server. I am finding that the RADIUS ports are not working with the VIP address, only the individual addresses of the server. I ran an nmap scan, and verified that I can only see open ports for RADIUS on the server addresses, not the VIP address. I haven't seen any documentation stating you can or cannot set it up this way (which I really didn't see why not). However I have found documentation that says you need an NPS proxy with NLB, which I really didn't want to do.

    Any ideas?...
    Wednesday, 22 December 2010 12:48

Answers

  • Hi,

    Thank you for your post here.

    Typically, we use NPS configured as a RADIUS proxy to load balance connection requests between multiple NPS servers or other RADIUS servers.

    For example, if you have 100 wireless access points, one NPS proxy, and three RADIUS servers, you can configure the access points to send all traffic to the NPS proxy. On the NPS proxy, configure load balancing so that the proxy evenly distributes the connection requests between the three RADIUS servers.

    Or you can configure multiple NPS proxy servers which link to all back-end NPS servers. It can double the availability because multiple proxy servers prevent the RADIUS service from a single point of failure at the proxy server.

     

    • Marked as answer by Miles Li (Moderator), Tuesday, 28 December 2010 10:37
    Thursday, 23 December 2010 10:07
    Moderator

All replies

  • Hi,

    I am also facing the same issue; did you find anything?

    Can you please provide me the link for "However I have found documentation that says you need a NPS proxy with NLB, which I really didn't want to do." ????

    Thanks

    SK

    Saturday, 17 March 2012 17:49
  • After installing NLB on my NPS proxies successfully I found out that my RADIUS clients send their requests to the virtual IP but are answered by one of the real servers' IPs. So the thing is that most RADIUS clients discard those answers for security reasons. Finding a way for the server to answer with the virtual IP is not that easy and I haven't found it yet.
    Saturday, 01 September 2012 16:19
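
The symptom described in the post above can be confirmed from a packet capture by pairing each RADIUS response with its request and comparing the reply's source address with the address the client sent to. The following is an added example, not part of any post in this thread; the function names, the record layout and the 192.0.2.0/24 addresses (VIP .10, cluster node .11, access point .50) are constructed for illustration.

```python
import struct
from collections import namedtuple

# Constructed capture record: one UDP datagram with its addressing and payload.
Datagram = namedtuple("Datagram", "src sport dst dport payload")
REQUEST_CODES = {1: "Access-Request", 4: "Accounting-Request"}
RESPONSE_CODES = {2: "Access-Accept", 3: "Access-Reject",
                  5: "Accounting-Response", 11: "Access-Challenge"}

def parse_header(payload):
    """Return (code, identifier) from the 20-byte RADIUS header, or None."""
    if len(payload) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", payload[:4])
    return (code, ident) if 20 <= length <= len(payload) else None

def find_source_mismatches(datagrams):
    """Pair responses with requests and report replies sent from an address
    other than the one the client addressed (the case clients discard)."""
    pending = {}      # (client ip, client port, identifier) -> server address
    mismatches = []
    for d in datagrams:
        hdr = parse_header(d.payload)
        if hdr is None:
            continue
        code, ident = hdr
        if code in REQUEST_CODES:
            pending[(d.src, d.sport, ident)] = (d.dst, d.dport)
        elif code in RESPONSE_CODES:
            expected = pending.pop((d.dst, d.dport, ident), None)
            if expected is not None and expected != (d.src, d.sport):
                mismatches.append({"client": d.dst, "id": ident,
                                   "sent_to": expected[0], "reply_from": d.src,
                                   "reply": RESPONSE_CODES[code]})
    return mismatches

def radius(code, ident):
    """Build a minimal constructed RADIUS packet: header only, zero authenticator."""
    return struct.pack("!BBH", code, ident, 20) + bytes(16)

# Constructed sample: requests to the VIP and directly to a node.
SAMPLE = [
    Datagram("192.0.2.50", 40001, "192.0.2.10", 1812, radius(1, 7)),
    Datagram("192.0.2.11", 1812, "192.0.2.50", 40001, radius(2, 7)),  # node answers for VIP
    Datagram("192.0.2.50", 40002, "192.0.2.11", 1812, radius(1, 8)),
    Datagram("192.0.2.11", 1812, "192.0.2.50", 40002, radius(3, 8)),  # source matches
]

print(find_source_mismatches(SAMPLE))
```
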
  • I have configured Network Load Balancing (NLB) on 2 Hyper-V virtual servers (.166 and .158) for load balancing between servers, which originated a virtual IP (.167), which in turn works.

    These 2 virtual servers that are part of NLB are 2 servers with Network Policy Server that works as RADIUS server for wireless authentication that also works.

    I put an ARP entry on the router for the NLB virtual IP to work; this way the 3 IPs ping.

    When connecting the PC to the AP if you put the IP of the virtual server (.166 and .158) as the destination IP, it works fine.

    If you put the NLB virtual IP it does nothing ... it stays connecting ... and then it fails, because the authentication is .166 and .158.

    Possibly the AP arrives at the virtual IP and does nothing because it does not authenticate. I think the solution would be when it reaches the virtual IP (.167) forward to .166 or .158 with different weights ..

    Does anyone know how to solve this ??

    I guess NPS Proxy isn't the best solution, because with this, I have one point of failure...I want the NLB in case one of the servers fails...

    Wednesday, 17 May 2017 13:07