Change of network adapters in radius server

Roland Pinches rolypoly at
Fri Dec 2 00:09:21 CET 2011


We've run into a problem with our FreeRADIUS server virtual machine.
It's a RHEL5.5 VM running on ESXi 4.1 and it talks to a Cisco NAS. It
currently works but we have performance issues, which I have partly
tracked down to a very specific VMware issue - if running Linux with
more than 1 vCPU, vmxnet3 NIC connected to a distributed vSwitch. The
workaround is to change the network adapters to something other than a
vmxnet3 adapter.

However, this is where my radius problem comes in. When I change the
NICs, the MAC address changes, which means I need to set up the static IP
addresses again. Not a problem and I can then ping the Cisco device and
the Cisco device can ping the radius server. The problem is, no radius
traffic flows between them.

Since this is a VM, I took a snapshot first, so rolling back to the
snapshot started radius working again with the vmxnet3 adapter and the
old MAC address.

iptables is disabled so there are no firewall issues.

The ARP table on the Cisco device has had the old MAC address entry for
the radius server removed and it detects the new MAC address correctly
after a ping.

Is there something I have missed that binds radius to a specific MAC
address? The MAC address change is the only thing I can think of, but
may have nothing to do with it.

Running radtest on the radius server would appear to show that radius is
authenticating successfully and the radius.log shows radius started and
ready to accept connections.

Can anyone offer suggestions? I can provide the output from radiusd -X
if needed but it will take me a day or two to get it since this is on a
production server that can only be worked on at 3am!

The VM is configured with 2 vCPU and 4GB RAM. The Cisco NAS is reporting
approx 2000 requests a minute, so not exactly super busy. I've seen
other posts in the mailing list suggesting FreeRADIUS can cope with
1000s per second!

Many thanks,
