We at Liberty University are rolling out our 802.1X RADIUS environment for Aruba wireless and Cisco wired using Aruba's ClearPass Policy Manager, a FreeRADIUS based product.
We have 2 RADIUS servers to handle our projected load. We then have 2 RADIUS proxy servers to load balance to the nodes and provide proxy redundancy. We will manually balance the proxies by having the wireless controllers use Proxy1 as primary with Fail through and the switches use Proxy2 as primary. Aruba's ClearPass clustering keeps the configuration in sync. We can also add more RADIUS servers if our client load increases. Any new server would automatically get its configuration from the cluster publisher. Bruce Osborne Network Engineer IT Network Services (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 -----Original Message----- From: Arran Cudbard-Bell [mailto:[email protected]] Sent: Wednesday, May 16, 2012 6:33 AM Subject: Re: Radius Load-balancing and Aruba On 15 May 2012, at 20:05, Michael Hulko wrote: > > We are attempting to create a load-balance farm of Radius servers for our > 802.1x authentication. The foundation is: > > Citrix Netscalars 9000s > Aruba M3 controllers > Radiator radius server (currently 3) on a Windows platform. > > We have been unable to successfully get authentication to work. We are > getting Aruba involved, but they do not seem to have an answer yet. > > Any comments/suggestions if you are already doing this or have alternatives > would be greatly appreciated. Um quick check. All the RADIUS packets for an EAP session are going to the same RADIUS server right? AFAIK Radiator doesn't do EAP session state synchronisation, so you have to ensure the entire EAP exchange goes to a single backend server. -Arran ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
