RADIUS Load Balancing

Question

Hello, 
&nbsp;  
&nbsp; I have to use 2 radius server in failover authentification. 
&nbsp;  
&nbsp; 1 - The  Firsty idea is to create Virtual server for radius with a monitor which just check that radius answer although it is a radius-reject (for security purpose we do not want to use a user password to test, we will test with a wrong username) 
&nbsp;  
&nbsp; Does anyone know all the command line of  /usr/bin/monitors/builtins/RADIUSACCT_monitor /usr/bin/monitors/builtins/RADIUS_monitor 
&nbsp; the idea is to create a monitor script which use RADIUS?_monitor and send Ok if there is answer and send NOK with no answer, that's all. 
&nbsp;  
&nbsp; 2 - The second idea is to modify the authentication irule for disabling the active node if there is an authentification error (not a reject).  
&nbsp; If auth failed  
&nbsp; =&gt;check node up, if node up make it down 
&nbsp; =&gt;check node down, if node up make it up 
&nbsp;  
&nbsp; I prefere the 1st idea, 
&nbsp;  
&nbsp; Thanks for your help, 
&nbsp;  
&nbsp; Flo,

flomkrl_29950 · Answer

Finaly i use 1st idea :   
&nbsp; !/bin/sh 
&nbsp;  
&nbsp;  
&nbsp; NODE_IP=${1} 
&nbsp; NODE_PORT=${2} 
&nbsp; USERNAME="TEST" 
&nbsp; DEBUG="Yes" 
&nbsp; RES=`/usr/bin/monitors/builtins/RADIUS_monitor $NODE_IP $NODE_PORT " " $USERNAME  $SECRET 2&gt;&amp;1` 
&nbsp; echo $RES | grep 'Expected code' &gt; /dev/null 2&gt;&amp;1 
&nbsp;  
&nbsp; if [ $? -eq 0 ] 
&nbsp; then 
&nbsp;     echo "UP" 
&nbsp; fi 
&nbsp; exit

scott_sams_8256 · Answer

where does this go?  i trying to use the radius_monitor external program.  the radius sees the valid auth but denies cause it sees user as guest.  where or how do i enter in user id and password for this? 
&nbsp;  
&nbsp; thanks

hooleylist · Answer

The code flomkrl posted is used in an external monitor.  USERNAME="TEST" is where he is setting the login name. 
&nbsp;  
&nbsp; These two pages have some background info on external monitors and using an external monitor to check a radius pool: 
&nbsp;  
&nbsp; External Monitors 
&nbsp; http://devcentral.f5.com/wiki/default.aspx/AdvDesignConfig/ExternalMonitor.html 
&nbsp;  
&nbsp; SOL6993: Configuring a RADIUS Accounting external health monitor 
&nbsp; https://support.f5.com/kb/en-us/solutions/public/6000/900/sol6993.html 
&nbsp;  
&nbsp; Aaron

amolari · Answer

i have filled an RFE, maybe of interest for you
RFE 445480 - Radius Monitor should mark member up even with Access-Reject

Forum Discussion

RADIUS Load Balancing

4 Replies

Recent Discussions

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Related Content

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

NGINXaaS for Azure: Load Balancing

RADIUS Load Balancing

What is Load Balancing?

RADIUS Load Balancing with iRules