HA scenario = failure

Rob Walker rob3rt.walk3r at gmail.com
Mon Feb 9 22:04:50 CET 2015


Incase anyone else see's this I was able to fix with the following commands
on the switch which basically reduces the RADIUS host failover from the
default of 15 seconds to 3 which seems to have appeased the failover gods.
More details available in HP documentation.

radius-server- timeout 2
radius-server retransmit 1



On 9 February 2015 at 09:21, Dave Aldwinckle <daldwinc at uwaterloo.ca> wrote:

> Hi Rob,
>
> Welcome to the list.
>
> Please post the full debug output from both the success and the failure.
>
> Secondly, what firmware version is your switch running?
>
> Dave Aldwinckle
>
> On 15-02-09 11:15 AM, Alan DeKok wrote:
>
>> On Feb 9, 2015, at 11:09 AM, Rob Walker <rob3rt.walk3r at gmail.com> wrote:
>>
>>> I'm a freerad newb, trying to get my HP Procurve 2910al working with 2
>>> freerad servers (setup identically) and windows/linux endpoints. I've
>>> tested this setup successfully against each individual freerad server ok.
>>> As soon as I test stopping one of the free radius server hosts so that
>>> the
>>> 2910al is forced to try the other freerad server (testing a HA scenario)
>>> -
>>> authentication fails.
>>>
>>    That’s bad.
>>
>>  I can only guess that it's something the switch is mishandling?
>>>
>>    Yes.
>>
>>  If someone
>>> could advise on the below outputs it would be appreciated, it seems the
>>> packet length is much less when it doesn't work?
>>>
>>    The packet length doesn’t matter.  What matters is the the switch
>> sends a packet to the server.  That’s good.  The server responds.  That’s
>> good.  The switch never sends another packet.  That’s bad.
>>
>>    Alan DeKok.
>>
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/
>> list/users.html
>>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html


More information about the Freeradius-Users mailing list