Cisco Cisco ASR 5500 Administrator's Guide
RADIUS Server State Behavior
▀ Understanding RADIUS Server States and Commands
▄ Cisco ASR 5x00 AAA Interface Administration and Reference
874
Server State Triggers
A number of triggers, events, and conditions can occur that change the state of a RADIUS server from “Down” to
“Active” as defined by the system. They are:
“Active” as defined by the system. They are:
When the timer, based on the RADIUS Server Group Configuration Mode command:
deadtime
has expired,
the server’s state on the system is returned to “Active”.
Important:
This parameter should be set to allow enough time to solve the issue that
originally caused the server’s state to be changed to “Down”. After the deadtime timer expires, the
system returns the server’s state to “Active” regardless of whether or not the issue has been fixed.
system returns the server’s state to “Active” regardless of whether or not the issue has been fixed.
When a RADIUS authentication server is configured, the server state is initialized as “Active”.
When a RADIUS accounting server is configured and after receiving response for Acct-On message, the server
state is made “Active”.
When a RADIUS accounting server is configured and after the Acct-On message exceeds the max retries setting
and times-out, the server state is made “Active”.
When a RADIUS accounting server is configured with Acct-On disabled, the server state is made “Active”.
When a response from a RADIUS server is received, the server state is made “Active”.
Important:
These triggers, events and conditions are applicable for each individual AAAmgr
instance and the state change will be propagated throughout the system. The state of the server could
be set to “Down” even if a single AAAmgr instance is affected and satisfies the
be set to “Down” even if a single AAAmgr instance is affected and satisfies the
detect-dead-
server
parameter criteria. However, even if any one of the non-affected AAAmgr instances
receives a response from the RADIUS server, the state of the server is changed back to “Active”, so
that the affected AAAMgr does not impact all the other working ones.
that the affected AAAMgr does not impact all the other working ones.
When a RADIUS server responds to the Exec Mode command
radius test
, the server state is made “Active”.
When a RADIUS probe is enabled and the probe response is received, the server state is made “Active”.
When a RADIUS probe request times-out after max retries, the server state is made “Active”.
If only one RADIUS authentication server is “Active” and goes down, all RADIUS authentication servers are
made “Active”.
If only one RADIUS accounting server is “Active” and goes down, all RADIUS accounting servers are made
“Active”.
Important:
The system uses the above triggers to mark RADIUS servers as “Active”,
however, this does not necessarily mean that the actual server is functional. When the system
changes a server state, a trap is automatically sent to the management station. Action should be taken
to identify the cause of the failure.
changes a server state, a trap is automatically sent to the management station. Action should be taken
to identify the cause of the failure.