Solved

How to configure two NPS servers for redundancy on a Cisco switch with 802.1x

Posted on 2013-05-24
Last Modified: 2013-09-18
Hi,

We are configuring 802.1X for some of our switches. We are going to use dynamic VLAN assignments through Microsoft NPS radius server.

For redundancy we would like to configure all the switches with 2 NPS Microsoft servers in case one of the 2 goes down or is being patched.

That being said, can someone help us out to understand how could we get that configured?
0
Comment
Question by:llarava
10 Comments
 
LVL 20

Expert Comment

by:rauenpc
ID: 39195488
If you're just asking how the redundancy works:
You just need to have both NPS servers configured the same, and on the switches you define two radius server hosts. When you make the AAA commands that reference radius or a server group, as long as both servers are configured as radius or are both part of the server group you will be able to deal with failures/patching/reboots/etc.

Or do you need the entire config to deal with the dynamic LAN and redundancy for 802.1x?
0
 

Author Comment

by:llarava
ID: 39196023
All the switches will be configured with 802.1x; the goal is to do dynamic VLAN assignment with NPS servers. So basically we would like to have all the switches work with 2 NPS servers in case of failure or patches. Can we just configure the switch to use both NPS servers? If so, how do we do it?
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 39199041
You can usually define multiple servers to which radius auth/authorization/accounting packets can be sent.

Rauenpc pointed it out. Are you looking for a specific directive example?

http://packetlife.net/blog/2010/sep/27/basic-aaa-configuration-ios/
0

 

Author Comment

by:llarava
ID: 39199379
I would like to know how do I configure the switch to be able to work with both nps servers in case one goes down or we have to patch it.
0
 

Author Comment

by:llarava
ID: 39199387
The goal is to configure 801.x with dynamic vlan assignments for wired and wireless for windows 7 supplicants.
0
 
LVL 77

Expert Comment

by:arnold
ID: 39199398
You define two or more tacacs-servers. The order of the listing will be the order of attempts; should it not respond, it will be labeled as dead, and the requests will be sent to the other.
There is a configuration setting that deals with how long a server labeled as dead will not be rechecked. After that time has passed, it will be added back into the pool.

Note, an erroneous response will not get a radius service labeled as dead, a radius server is only labeled as dead when there is no response.

Which switch do you have? Does the switch lack the option to define multiple servers?
0
 
LVL 77

Expert Comment

by:arnold
ID: 39199408
The only requirement to have a switch work with an Is:
1) the switch must be a client of the NPS
2) they must reference the same secret.

As far as functionality, the NPS policy must be configured to properly respond to the request dealing with including the reply items that will set the VLAN, etc. on the switch.
0
 

Author Closing Comment

by:llarava
ID: 39503442
-
0
