Second RADIUS Server not Contacted for Authentication


Hello everyone,

I have configured two separate RADIUS servers with the same settings and I want to integrate my wireless device to be authenticated against those servers. The reason I have configured two separate RADIUS servers is to have high availability in case the primary server does not respond. However, I have tested the scenario in a testing environment and the results didn't go as expected:
- Firstly I tried to authenticate using my primary RADIUS server and everything worked well. I saw the messages on the server side as expected. After the first successful attempt I disabled the RADIUS service on the primary server and tried to re-authenticate. The expectation was that after the authentication messages timed out on the first server, the AP would use the second server, but it never happens. Using TCPDUMP I've noticed the request packets go to the primary but never to the second server.

Has anyone encountered a similar problem using two RADIUS servers for high availability?

Thank you in advance!

P.S.1: I am unable to use the testing method from the dashboard. That method uses ms-chap while I am using LDAP in the backend.
P.S.2: Picture of the RADIUS setting attached.



Thank you for your answer @SoCalRacer 

Somehow I did not find that page. I've read many pages but that one I didn't see for some reason.

Following the instructions and notes from that page I was able to find what I was looking for. Now I have to decide if I want to do port forwarding or if I actually want to assign public IPs to my RADIUS servers.

Thanks again for helping me!
