Cisco Cisco Packet Data Interworking Function (PDIF)
RADIUS Server State Behavior
▀ Understanding RADIUS Server States and Commands
▄ AAA Interface Administration and Reference, StarOS Release 18
904
Server State Triggers
A number of triggers, events, and conditions can occur that change the state of a RADIUS server from “Down” to
“Active” as defined by the system. They are:
“Active” as defined by the system. They are:
When the timer, based on the RADIUS Server Group Configuration Mode command:
deadtime
has expired,
the server’s state on the system is returned to “Active”.
Important:
This parameter should be set to allow enough time to solve the issue that
originally caused the server’s state to be changed to “Down”. After the deadtime timer expires, the
system returns the server’s state to “Active” regardless of whether or not the issue has been fixed.
system returns the server’s state to “Active” regardless of whether or not the issue has been fixed.
When a RADIUS authentication server is configured, the server state is initialized as “Active”.
When a RADIUS accounting server is configured and after receiving response for Acct-On message, the server
state is made “Active”.
When a RADIUS accounting server is configured and after the Acct-On message exceeds the max retries setting
and times-out, the server state is made “Active”.
When a RADIUS accounting server is configured with Acct-On disabled, the server state is made “Active”.
When a response from a RADIUS server is received, the server state is made “Active”.
Important:
These triggers, events and conditions are applicable for each individual AAAmgr
instance and the state change will be propagated throughout the system. The state of the server could
be set to “Down” even if a single AAAmgr instance is affected and satisfies the
be set to “Down” even if a single AAAmgr instance is affected and satisfies the
detect-dead-
server
parameter criteria. However, even if any one of the non-affected AAAmgr instances
receives a response from the RADIUS server, the state of the server is changed back to “Active”, so
that the affected AAAMgr does not impact all the other working ones.
that the affected AAAMgr does not impact all the other working ones.
When a RADIUS server responds to the Exec Mode command
radius test
, the server state is made “Active”.
When a RADIUS probe is enabled and the probe response is received, the server state is made “Active”.
When a RADIUS probe request times-out after max retries, the server state is made “Active”.
If only one RADIUS authentication server is “Active” and goes down, all RADIUS authentication servers are
made “Active”.
If only one RADIUS accounting server is “Active” and goes down, all RADIUS accounting servers are made
“Active”.
In releases prior to 18.0, whenever a chassis boots up or when a new RADIUS accounting server or RADIUS
mediation-device accounting server is configured with Acct-On configuration enabled, the state of the
RADIUS server in all the AAA manager instances is initialized to “Waiting-for-response-to-Accounting-On”.
The Acct-On transmission and retries are processed by the Admin-AAAmgr.
RADIUS server in all the AAA manager instances is initialized to “Waiting-for-response-to-Accounting-On”.
The Acct-On transmission and retries are processed by the Admin-AAAmgr.
When the Acct-On transaction is complete (i.e., when a response for Acct-On message is received or when
Acct-On message is retried and timed-out), Admin-AAAmgr changes the state of the RADIUS accounting
server to Active in all the AAA manager instances. During the period when the state of the server is in
“Waiting-for-response-to-Accounting-On”, any new RADIUS accounting messages which are generated as
part of a new call will not be transmitted towards the RADIUS accounting server but it will be queued. Only
when the state changes to Active, these queued up messages will be transmitted to the server.
Acct-On message is retried and timed-out), Admin-AAAmgr changes the state of the RADIUS accounting
server to Active in all the AAA manager instances. During the period when the state of the server is in
“Waiting-for-response-to-Accounting-On”, any new RADIUS accounting messages which are generated as
part of a new call will not be transmitted towards the RADIUS accounting server but it will be queued. Only
when the state changes to Active, these queued up messages will be transmitted to the server.
During ICSR, if the interface of the radius nas-ip address is srp-activated, then in the standby chassis, the
sockets for the nas-ip will not be created. The current behavior is that if the interface is srp-activated
sockets for the nas-ip will not be created. The current behavior is that if the interface is srp-activated