Cisco Cisco Packet Data Gateway (PDG)
RADIUS Server State Behavior
▀ Understanding RADIUS Server States and Commands
▄ AAA Interface Administration and Reference, StarOS Release 17
888
Understanding RADIUS Server States and Commands
Server States
The system defines three server states for connected RADIUS servers:
Active: The server is believed to be operational.
Not Responding: The server has failed to respond to a message from the system a configured number of times
(retries).
Down: The system is no longer sending requests to the server.
RADIUS Server Commands
RADIUS server states are controlled by parameters set in the RADIUS Server Group Configuration Mode. The
commands are:
commands are:
detect-dead-server
: Configures how the system determines that a RADIUS server is not functioning. One
or both of the following parameters should be set:
consecutive-failures
: Configures the consecutive number of times the RADIUS server is
unreachable by any single aaamgr on the system based on the
max-retries
command. If this
command is enabled, each time the maximum number of retries is exceeded, this counter increments
by one for the particular aaamgr and server. When any aaamgr exceeds this counter for a specific
RADIUS server, the server’s state is changed to “Down” and the deadtime timer is started. The default
is enabled and 4.
by one for the particular aaamgr and server. When any aaamgr exceeds this counter for a specific
RADIUS server, the server’s state is changed to “Down” and the deadtime timer is started. The default
is enabled and 4.
response-timeout
: Configures a specific delay, in seconds, in receiving a response from the
RADIUS server before the server’s state is changed to “Down” and the deadtime timer is started. The
default is disabled.
default is disabled.
Important:
If
response-timeout
is configured and
consecutive-failures
is
not, the system will only wait for the specified period of time before changing the server’s
state to “Down”, ignoring other settings such as
state to “Down”, ignoring other settings such as
radius timeout
, and
max-retries
.
If
response-timeout
is configured and
consecutive-failures
is not,
consecutive-
failures
is removed entirely from the system, including default configuration. If both parameters
are configured, then both conditions must be met to change a RADIUS server’s state to “Down”.
deadtime
: Configure the maximum amount of time, in minutes, that must elapse after a context has exceeded
one or both of the
detect-dead-server
parameters, depending on which parameter is configured. Once this
timer has elapsed, the system reclassifies the RADIUS server as “Active” and subsequent requests to it can be
made. If
made. If
radius deadtime
is not explicitly configured, the default value of 10 minutes is used.
max-retries
: Configures maximum number of times the system attempts to retry communication with a
RADIUS server. Once exceeded, the system changes the state of the server to “Not Responding”, increments
the
the
detect-dead-server consecutive-failures
counter (if configured), and attempts to communicate
with another RADIUS server. The default value for this parameter is 5.