Secondary RADIUS server failover

  • 1
  • Question
  • Updated 8 months ago
Hello,

We have a vSZ-H cluster running version 3.6.0.0.510. My question is; when a secondary RADIUS server is configured, how is it determined the primary is down and it needs to failover? As much specific information that anyone can give would be great.

Thanks,
Chris.
Photo of Chris Grace

Chris Grace

  • 2 Posts
  • 0 Reply Likes

Posted 8 months ago

  • 1
Photo of Rahul Koul

Rahul Koul, Employee

  • 79 Posts
  • 15 Reply Likes
Hi Chris,

This is basically decided based on the Response Window (Timer). When the SZ (Acting as Radius Proxy or the Authenticator) sends Radius packets to the Primary AAA and does not get a response back within the Response window then it starts sending Radius Packets to Secondary Server as it thinks the Primary AAA is not reachable. The Response window by default is of 20 seconds so Secondary AAA is used after that if there is no response from Primary AAA within 20 seconds. After the Response Window expires, starts the Zombie period and if SZ still cannot reach the Primary AAA during Zombie Period then it marks Primary AAA as "Dead" after Zombie Period has expired and completely fails over to Secondary AAA.

I hope this helps! You can also find more information about this in the 3.6 Administrator Guide.

Thanks!
Rahul
Photo of Chris Grace

Chris Grace

  • 2 Posts
  • 0 Reply Likes
Thank you for the response Rahul.

This makes sense for when we are using the vSZ to proxy RADIUS requests as I can see the settings. What about when we are using the AP? There are no settings to configure relating to response window?