How to configure two NPS servers for redundacy on a Cisco switch with 802.1x
Hi,
We are configuring 802.1X for some of our switches.We are going to use dynamic VLAN assigments through Microsoft NPS radius server.
For redundacy we would like to configure all the switches with 2 NPS Microsoft servers in case one of the 2 goes down or is being patch.
That being said, can someone help us out to understand how could we get that configured?
We are configuring 802.1X for some of our switches.We are going to use dynamic VLAN assigments through Microsoft NPS radius server.
For redundacy we would like to configure all the switches with 2 NPS Microsoft servers in case one of the 2 goes down or is being patch.
That being said, can someone help us out to understand how could we get that configured?
ASKER
All the switches will be configued with 802.1x the goal is to do dynamic vlan assignment with NPS servers. So basically we would like to have all the switches work with 2 nps servers in case of failure or patches. Can we just configure the switch to use both nps servers? If so, how do we do it?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I would like to know how do I configure the switch to be able to work with both nps servers in case one goes down or we have to patch it.
ASKER
The goal is to configure 801.x with dynamic vlan assignments for wired and wireless for windows 7 supplicants.
You define two or more tacacs-servers. Te order of the listing will be the order of attempts should it not respond it will be labeled as dead, and the requests will be sent to the other.
There is a configuration setting tht deals how long a server labeled as dead will not be rechecked. After that time has passed, it will be added back into the pool.
Note, an erroneous response will not get a radius service labeled as dead, a radius server is only labeled as dead when there is no response.
Which switch do you have? Does the switch lacks the option to define multiple servers?
There is a configuration setting tht deals how long a server labeled as dead will not be rechecked. After that time has passed, it will be added back into the pool.
Note, an erroneous response will not get a radius service labeled as dead, a radius server is only labeled as dead when there is no response.
Which switch do you have? Does the switch lacks the option to define multiple servers?
The only requirement to have a switch work with an Is:
1) the switch must be a client of the NPS
2) they must reference the same secret.
As far as functionality, the NPS policy must be configured to properly respond to the request dealing with including the reply items that will set the VLAN, etc. on the switch.
1) the switch must be a client of the NPS
2) they must reference the same secret.
As far as functionality, the NPS policy must be configured to properly respond to the request dealing with including the reply items that will set the VLAN, etc. on the switch.
ASKER
-
You just need to have both NPS servers configured the same, and on the switches you define two radius server hosts. When you make the AAA commands that reference radius or a server group, as long as both servers are configured as radius or are both part of the server group you will be able to deal with failures/patching/reboots/
Or do you need the entire config to deal with the dynamic LAN and redundancy for 802.1x?