RADIUS server for VPN question

Solved
tantony
Head in the Cloud

RADIUS server for VPN question

I've enabled RADIUS option on Meraki dashboard so users can login with their Active Directory / Windows account.  This is working.  I have 2 RADIUS servers, and I have both of them added in the Meraki dashboard.

 

My question is, since I have 2 RADIUS servers, do they do 'load sharing'?  For example, does all the RADIUS requests go to the first RADIUS server all the time or does the second RADIUS server take over automatically?

 

 

Plus, I have some users that doesn't log out of VPN when they're done and put their computers to sleep.  But sometimes they get an error (756 This connection is already being dialed.) when they try to connect again.  If they sign out / restart their laptops and try again this works.  

 

Lastly, does Meraki have any plans to make a 10GB router?  My ISP speed is 100 Mbps / 100 Mbps.  Almost all my switches at work is 10GB. 

1 Accepted Solution
Nash
Kind of a big deal

For 756, if your users are comfortable with command prompt, have them try: rasdial /disconnect

 

If still 756, then yes, restart seems the simplest fix for end users.

 

Otherwise they need to learn better habits and disconnect from the VPN when they're done for the day.

 

Uh, regarding RADIUS, iirc it'll try the first server then failover if the first one doesn't respond. Do you have a specific reason to be concerned about load sharing?

 

For routers, are you using an MX to route locally? You should use an L3 switch for that ideally.

View solution in original post

4 Replies 4
Nash
Kind of a big deal

For 756, if your users are comfortable with command prompt, have them try: rasdial /disconnect

 

If still 756, then yes, restart seems the simplest fix for end users.

 

Otherwise they need to learn better habits and disconnect from the VPN when they're done for the day.

 

Uh, regarding RADIUS, iirc it'll try the first server then failover if the first one doesn't respond. Do you have a specific reason to be concerned about load sharing?

 

For routers, are you using an MX to route locally? You should use an L3 switch for that ideally.

tantony
Head in the Cloud

Thanks.  I don't have a specific reason for load sharing.  I was just wondering.  The first RADIUS server is also our DC and QuickBooks server, so I have to restart it sometimes.  So if the first one is unavailable, the second one will take over automatically.  I'm using a L3 switch for routing.

Wittionary
Conversationalist

I found in the docs that the RADIUS server behavior can be configured via API to either "Strict priority order" or "Round robin".

 

Wittionary_0-1587132887023.png

 

PhilipDAth
Kind of a big deal
Kind of a big deal

>My question is, since I have 2 RADIUS servers, do they do 'load sharing'?  

 

No.  It tries the first, and if it doesn't respond within 15s (it does 3 attempts 5s apart) it moves onto the next RADIUS server.

 

>Lastly, does Meraki have any plans to make a 10GB router? 

 

If you just want to do routing use a 10Gbe layer 3 switch like the MS425.

https://meraki.cisco.com/products/switches/ms425-32 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels