free radius behind a load balancer?
Joseph Nordone
joenordone at aol.com
Thu Jan 14 18:01:05 CET 2021
Read this, even though its Cisco ISE, same principals apply.
https://community.cisco.com/t5/security-documents/how-to-cisco-amp-f5-deployment-guide-ise-load-balancing-using/ta-p/3631159 <https://community.cisco.com/t5/security-documents/how-to-cisco-amp-f5-deployment-guide-ise-load-balancing-using/ta-p/3631159>
—Joe
> On Jan 14, 2021, at 11:25 AM, Coy Hile <coy.hile at coyhile.com> wrote:
>
>
>
>> On Jan 14, 2021, at 10:45 AM, Joseph Nordone via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>>
>> Yes, free-radius works great behind load-balancers. We have multiple clusters behind f5 load balancers. I would look at setting up a two-arm load balancer so that the originating IP address of the client is presented to the radius server. Outside of that, it won’t modify or change any attribute of the packet itself.
>>
>
> How do you mean? What specific things did you have to do for that to happen? (What I’ve seen is the NATed IP come through as the Packet-Src-IP-Address, rather than the machine from whence I was testing.)
>
> --
> Coy Hile
> coy.hile at coyhile.com
>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list