Arran

Thanks for your response..

Our current testing is to a single radiator server, a single instance of a Radius farm in the Netscalar with "stickiness" to the client session.  We have tested terminating the EAP on both the controller and directly to the server.  We have captured traffic at all points in the path, and it appears in both cases, packets between the controller and the load-balancer is being mis-interpreted by the wireless controller.  We have submitted all captures to the Aruba SE to get something from them.  The load-balancer appears to pass all the packets to and from the controller to the radius server.

respectfully,

Michael


On 2012-05-16, at 6:33 AM, Arran Cudbard-Bell wrote:

On 15 May 2012, at 20:05, Michael Hulko wrote:


We are attempting to create a load-balance farm of Radius servers for our 802.1x authentication.  The foundation is:

Citrix Netscalars 9000s
Aruba M3 controllers
Radiator radius server (currently 3) on a Windows platform.

We have been unable to successfully get authentication to work.  We are getting Aruba involved, but they do not seem to have an answer yet.  

Any comments/suggestions if you are already doing this or have alternatives would be greatly appreciated.

Um quick check. All the RADIUS packets for an EAP session are going to the same RADIUS server right?

AFAIK Radiator doesn't do EAP session state synchronisation, so you have to ensure the entire EAP exchange goes to a single backend server.

-Arran
**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.


Michael Hulko
Network Analyst

Western University Canada
Network Operations Centre
Information Technology Services
1393 Western Road, SSB 3300CC
London, Ontario  N6G 1G9

tel: 519-661-2111 x81390
e-mail: [email protected] <mailto:[email protected]>





********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Reply via email to