Skip to main content

6 Messages

 • 

142 Points

Mon, Sep 28, 2020 5:00 PM

Adding two separate DNS on ICX 7850 as well adding two separate TACACS

Hi WIFI Expert 
I have an ICX7850-48 port using it as a Core router , if we configure two private DNS server on ICX7850 using this command 
7850(Config)#ip dns server-address 10.192.0.1
7850(Config)#ip dns server-address 10.190.0.1

will the Icx treat each DNS as a separate entity or treat the second DNS as a failover DNS?

the second question related to the same ICX7850 
if we add two different radius server to have two different organization authenticate/access ICX7850, will ICX7850 treat each Radius configuration as separate authentication or ICX7850 treat them second radius configuration as a failover if the 1st Radius failed 


thanks 

Responses

Employee

 • 

81 Messages

 • 

1.9K Points

2 months ago


Hi Hayder,
Hope you are doing Great!!!


Configuring DNS server addresses in a Brocade device

You can configure the Brocade device to recognize up to four DNS servers. The first entry serves as the primary default address. If a query to the primary address fails to be resolved after three attempts, the next DNS address is queried (also up to three times). This process continues for each defined DNS address until the query is resolved. The order in which the default DNS addresses are polled is the same as the order in which you enter them.

Use the ip dns server-address command to configure DNS servers.

device(config)# ip dns server-address 10.157.22.199 10.96.7.15 10.95.7.25 10.98.7.15

Alternatively, you can configure DNS servers one after the other.

device(config)# ip dns server-address 10.157.22.199
device(config)# ip dns server-address 10.96.7.15
device(config)# ip dns server-address 10.95.7.25
device(config)# ip dns server-address 10.98.7.15

In this example, the first IP address entered becomes the primary DNS address and all others are secondary addresses. Because IP address 10.98.7.15 is the last address listed, it is also the last address consulted to resolve a query.

As for Multiple DNS:
Multiple RADIUS servers

Flexible authentication communicates with the RADIUS server to authenticate a new client or reauthenticate an already authenticated client. The ICX device supports multiple RADIUS servers. If communication with one of the RADIUS servers times out, the others are tried in sequential order. If a response from a RADIUS server is not received within a specified time (by default, 3 seconds), the RADIUS request times out, and the device retries the request up to three times. If no response is received, that RADIUS server is marked as down, and the next available RADIUS server is chosen, until all servers are exhausted, or a response is received.

Marking the RADIUS server as down helps in making the authentication process faster, as only the available servers are contacted. When configured, the servers that are down are periodically contacted to check if they are available, and when they become available, they are marked accordingly.

There are several professional and experimental quality RADIUS servers, and all servers are configured with the usernames and passwords of authenticated users. For MAC authentication, the username and password are the MAC address itself. The ICX device uses the MAC address for both the username and the password in the request sent to the RADIUS server. For 8021.X, the username and password are typically configured as unique IDs, which the clients use when they log into the network. For example, given a MAC address of 00:10:94:00:fe:aa, the user's file on the RADIUS server is configured with the username and password both set to 00:10:94:00:fe:aa. If a user using dot1x has to authenticate from the same device, the user profile may have name, password.


Hope this Helps.

Thanks
Hashim

6 Messages

 • 

142 Points

a month ago

Hashim, 
thank you very much regarding the detailed explanation !! 

Employee

 • 

81 Messages

 • 

1.9K Points

a month ago

Hi Hayder,

Hope you are doing Great!!!
You are Most Welcome.  The pleasure is mine.

You have a Great Weekend!!!

Thanks
Hashim