We are running RADIATOR on Windows Boxes (long story).
The boxes are configured with 6 "child" processes and 1 "parent" process.
The "parent" process uses <AuthBy EAPBALANCE> to distribute the EAP
authentications across the "child" processes.
Using EAPBALANCE insures that each EAP conversation makes it to the same
"child" process.
It seems to work pretty well. We could probably handle more "child" processes
on the dedicated boxes we use.
The heavy lifting is done in the "child" processes. They share the same single
configuration file.
The only drawback is that, on windows, you have to manually restart all 7
processes when you change your RADIUS configuration.
Here is what the Handler section for the "parent" process looks like:
<Handler>
<AuthBy EAPBALANCE>
# Pass Client-Indentfier as a RADIUS attribute to child processes
# So that the child process knows what NAS client the request came
from
# Useful for selecting a Handler based on NAD client
AddToRequest OSC-Client-Identifier=%{Client:Identifier}
FailureBackoffTime 15
<Host 127.0.0.1>
Secret Secret
AuthPort 11812
AcctPort 11813
</Host>
<Host 127.0.0.1>
Secret Secret
AuthPort 21812
AcctPort 21813
</Host>
<Host 127.0.0.1>
Secret Secret
AuthPort 31812
AcctPort 31813
</Host>
<Host 127.0.0.1>
Secret Secret
AuthPort 41812
AcctPort 41813
</Host>
<Host 127.0.0.1>
Secret Secret
AuthPort 51812
AcctPort 51813
</Host>
<Host 127.0.0.1>
Secret Secret
AuthPort 61812
AcctPort 61813
</Host>
</AuthBy>
</Handler>
--
Neil Johnson
Network Engineer
The University of Iowa
Phone: +1 319 384-0938<tel:+13193840938>
Fax: +1 319 335-2951<tel:+13193352951>
E-Mail: neil-john...@uiowa.edu<mailto:neil-john...@uiowa.edu>
Lync: neil-john...@uiowa.edu<sip:neil-john...@uiowa.edu>
From: Kees Pronk <cl.pr...@avans.nl<mailto:cl.pr...@avans.nl>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Friday, November 22, 2013 1:46 AM
To:
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>"
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] loadbalacing WPA2 802.1X traffic between controller and
radius servers
Hello,
Any WLAN colleagues are using a loadbalacer to scale-out the auth (EAP) traffic?
Currently we use Radiator with frontend and multiple backend processes which
works fine.
Wondering if loadbalancers can keep track of the state of an EAP authentication
At peek times we have 12K concurrent Wi-Fi devices online.
Best regards, Kees
---------------------------------------------------------------------------
Op deze e-mail zijn de volgende voorwaarden van toepassing:
The following conditions apply to this e-mail:
http://emaildisclaimer.avans.nl
---------------------------------------------------------------------------**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
