We have a vSZ-H cluster running version 188.8.131.52.510. My question is; when a secondary RADIUS server is configured, how is it determined the primary is down and it needs to failover? As much specific information that anyone can give would be great.
This is basically decided based on the Response Window (Timer). When the SZ (Acting as Radius Proxy or the Authenticator) sends Radius packets to the Primary AAA and does not get a response back within the Response window then it starts sending Radius Packets to Secondary Server as it thinks the Primary AAA is not reachable. The Response window by default is of 20 seconds so Secondary AAA is used after that if there is no response from Primary AAA within 20 seconds. After the Response Window expires, starts the Zombie period and if SZ still cannot reach the Primary AAA during Zombie Period then it marks Primary AAA as "Dead" after Zombie Period has expired and completely fails over to Secondary AAA.
I hope this helps! You can also find more information about this in the 3.6 Administrator Guide.