How to Change Radius Server Priority on Cisco Switch


Scenario:
Switch: Cisco 2960, 3650, etc.
Server: Radius Server 2012, 2016, 2019
Description: This article shows how to change the Radius Server priority on a Cisco switch stack when Radius Fail-over on Cisco Switches is configured. Refer to the linked article to learn How to Configure Radius Authentication on Cisco Switches.

Follow the steps below to change the priority of the Radius Authentication Server. This assumes Radius Fail-over on Cisco Switches is already configured and working.

If you are using Dell switches, follow the linked article to learn How to change radius server priority on Dell switches.

Radius Priority Confirmation

Step1: Login
SSH onto the Cisco switch.

SSH 192.168

Step2: Confirm Radius Servers
Check the configured radius servers on the switch. Use the command shown below.

edledge_switch#sh running-config | in server name
server name edledge_1
server name edledge_2
server name edledge_3
edledge_switch#

In this example, three radius servers are configured:

Radius 1: edledge_1, IP Address = 10.1.1.10
Radius 2: edledge_2, IP Address = 10.1.1.11
Radius 3: edledge_3, IP Address = 10.1.1.12

Step3: Radius Priority
Check and confirm the current radius priority on the switch using the command shown below.

edledge-switch#sh aaa servers

RADIUS: id 1, priority 1, host 10.1.1.10, auth-port 1812, acct-port 1813
State: current UP, duration 1213s, previous duration 60s
Dead: total time 1526005s, count 25430
Quarantined: No
Authen: request 241247, timeouts 241157, failover 44, retransmission 168173
Response: accept 31, reject 41, challenge 18
Response: unexpected 0, server error 0, incorrect 0, time 40ms
Transaction: success 90, failure 72984
Throttled: transaction 0, timeout 0, failure 0
Author: request 0, timeouts 0, failover 0, retransmission 0
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Account: request 16288, timeouts 16202, failover 0, retransmission 11016
Request: start 2119, interim 0, stop 2574
Response: start 41, interim 0, stop 42
Response: unexpected 0, server error 0, incorrect 0, time 19ms
Transaction: success 86, failure 5186
Throttled: transaction 0, timeout 0, failure 0
Elapsed time since counters last cleared: 1y10w3d5h55m
Estimated Outstanding Access Transactions: 0
Estimated Outstanding Accounting Transactions: 0
Estimated Throttled Access Transactions: 0
Estimated Throttled Accounting Transactions: 0
Maximum Throttled Transactions: access 0, accounting 0
Requests per minute past 24 hours:
high - 0 hours, 23 minutes ago: 11
low - 0 hours, 0 minutes ago: 0
average: 0

RADIUS: id 2, priority 2, host 10.1.1.11, auth-port 1812, acct-port 1813
State: current UP, duration 1678117s, previous duration 60s
Dead: total time 1059s, count 20
Quarantined: No
Authen: request 28, timeouts 19, failover 14, retransmission 14
Response: accept 8, reject 0, challenge 1
Response: unexpected 0, server error 0, incorrect 0, time 158ms
Transaction: success 9, failure 5
Throttled: transaction 0, timeout 0, failure 0
Author: request 0, timeouts 0, failover 0, retransmission 0
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Account: request 0, timeouts 0, failover 0, retransmission 0
Request: start 0, interim 0, stop 0
Response: start 0, interim 0, stop 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Elapsed time since counters last cleared: 8w6h17m
Estimated Outstanding Access Transactions: 0
Estimated Outstanding Accounting Transactions: 0
Estimated Throttled Access Transactions: 0
Estimated Throttled Accounting Transactions: 0
Maximum Throttled Transactions: access 0, accounting 0
Requests per minute past 24 hours:
high - 0 hours, 0 minutes ago: 0
low - 0 hours, 0 minutes ago: 0
average: 0

RADIUS: id 3, priority 3, host 10.1.1.12, auth-port 1812, acct-port 1813
State: current UP, duration 535391s, previous duration 60s
Dead: total time 300s, count 5
Quarantined: No
Authen: request 17443, timeouts 121, failover 10216, retransmission 106
Response: accept 6245, reject 308, challenge 10769
Response: unexpected 0, server error 0, incorrect 0, time 158ms
Transaction: success 17322, failure 16
Throttled: transaction 0, timeout 0, failure 0
Author: request 0, timeouts 0, failover 0, retransmission 0
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Account: request 2843, timeouts 14, failover 581, retransmission 14
Request: start 375, interim 0, stop 376
Response: start 375, interim 0, stop 376
Response: unexpected 0, server error 0, incorrect 0, time 157ms
Transaction: success 2829, failure 0
Throttled: transaction 0, timeout 0, failure 0
Elapsed time since counters last cleared: 8w6h17m
Estimated Outstanding Access Transactions: 0
Estimated Outstanding Accounting Transactions: 0
Estimated Throttled Access Transactions: 0
Estimated Throttled Accounting Transactions: 0
Maximum Throttled Transactions: access 0, accounting 0
Requests per minute past 24 hours:
high - 1 hours, 15 minutes ago: 4
low - 0 hours, 0 minutes ago: 0
average: 0

Changing Radius Priority

On Cisco switches, radius server priority is assigned in the order in which the servers were added to the switch. The priority of a radius server changes if one of the servers fails or is deleted and re-added.

Here, we will remove and then re-add one radius server, “edledge_2”.

Step4: Removing Radius Server
Remove the radius server configuration using the command shown below.

edledge_switch#conf t
edledge_switch(config)#no radius server edledge_2
edledge_switch(config)#exit
edledge_switch#

Step5: Check aaa Servers
Check the configured aaa servers to ensure edledge_2 is deleted.

edledge_switch#sh running-config | in server name
server name edledge_1
server name edledge_3
edledge_switch#

Step6: Check Radius Priority
Check and confirm the radius priority.

edledge_switch#sh aaa servers

RADIUS: id 1, priority 1, host 10.1.1.10, auth-port 1812, acct-port 1813
State: current UP, duration 2627s, previous duration 60s
Dead: total time 1526005s, count 25430
Quarantined: No
Authen: request 241247, timeouts 241157, failover 44, retransmission 168173
Response: accept 31, reject 41, challenge 18
Response: unexpected 0, server error 0, incorrect 0, time 40ms
Transaction: success 90, failure 72984
Throttled: transaction 0, timeout 0, failure 0
Author: request 0, timeouts 0, failover 0, retransmission 0
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Account: request 16288, timeouts 16202, failover 0, retransmission 11016
Request: start 2119, interim 0, stop 2574
Response: start 41, interim 0, stop 42
Response: unexpected 0, server error 0, incorrect 0, time 19ms
Transaction: success 86, failure 5186
Throttled: transaction 0, timeout 0, failure 0
Elapsed time since counters last cleared: 1y10w3d6h19m
Estimated Outstanding Access Transactions: 0
Estimated Outstanding Accounting Transactions: 0
Estimated Throttled Access Transactions: 0
Estimated Throttled Accounting Transactions: 0
Maximum Throttled Transactions: access 0, accounting 0
Requests per minute past 24 hours:
high - 0 hours, 47 minutes ago: 11
low - 0 hours, 0 minutes ago: 0
average: 0

RADIUS: id 3, priority 2, host 10.1.1.12, auth-port 1812, acct-port 1813
State: current UP, duration 536799s, previous duration 60s
Dead: total time 300s, count 5
Quarantined: No
Authen: request 17443, timeouts 121, failover 10216, retransmission 106
Response: accept 6245, reject 308, challenge 10769
Response: unexpected 0, server error 0, incorrect 0, time 158ms
Transaction: success 17322, failure 16
Throttled: transaction 0, timeout 0, failure 0
Author: request 0, timeouts 0, failover 0, retransmission 0
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Account: request 2843, timeouts 14, failover 581, retransmission 14
Request: start 375, interim 0, stop 376
Response: start 375, interim 0, stop 376
Response: unexpected 0, server error 0, incorrect 0, time 157ms
Transaction: success 2829, failure 0
Throttled: transaction 0, timeout 0, failure 0
Elapsed time since counters last cleared: 8w6h40m
Estimated Outstanding Access Transactions: 0
Estimated Outstanding Accounting Transactions: 0
Estimated Throttled Access Transactions: 0
Estimated Throttled Accounting Transactions: 0
Maximum Throttled Transactions: access 0, accounting 0
Requests per minute past 24 hours:
high - 1 hours, 39 minutes ago: 4
low - 0 hours, 0 minutes ago: 0
average: 0

Step7: Adding Radius
Add the radius server “edledge_2” again to the switch.

edledge_switch#conf t
edledge_switch(config)#radius server edledge_2
edledge_switch(config-radius-server)#address ipv4 10.1.1.11 auth-port 1812 acct-port 1813
edledge_switch(config-radius-server)#key edledge.com

Step8: Confirm Radius Servers
Confirm the radius server status once edledge_2 is added again.

edledge_switch#sh running-config | in server name
server name edledge_1
server name edledge_2
server name edledge_2
edledge_switch#

Step9: Confirm Radius Priority
Check and confirm the Radius Priority once another radius server “edledge_2” is added.

edledge-switch#sh aaa servers

RADIUS: id 1, priority 1, host 10.1.1.10, auth-port 1812, acct-port 1813
State: current UP, duration 1213s, previous duration 60s
Dead: total time 1526005s, count 25430
Quarantined: No
Authen: request 241247, timeouts 241157, failover 44, retransmission 168173
Response: accept 31, reject 41, challenge 18
Response: unexpected 0, server error 0, incorrect 0, time 40ms
Transaction: success 90, failure 72984
Throttled: transaction 0, timeout 0, failure 0
Author: request 0, timeouts 0, failover 0, retransmission 0
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Account: request 16288, timeouts 16202, failover 0, retransmission 11016
Request: start 2119, interim 0, stop 2574
Response: start 41, interim 0, stop 42
Response: unexpected 0, server error 0, incorrect 0, time 19ms
Transaction: success 86, failure 5186
Throttled: transaction 0, timeout 0, failure 0
Elapsed time since counters last cleared: 1y10w3d5h55m
Estimated Outstanding Access Transactions: 0
Estimated Outstanding Accounting Transactions: 0
Estimated Throttled Access Transactions: 0
Estimated Throttled Accounting Transactions: 0
Maximum Throttled Transactions: access 0, accounting 0
Requests per minute past 24 hours:
high - 0 hours, 23 minutes ago: 11
low - 0 hours, 0 minutes ago: 0
average: 0

RADIUS: id 3, priority 2, host 10.1.1.12, auth-port 1812, acct-port 1813
State: current UP, duration 535391s, previous duration 60s
Dead: total time 300s, count 5
Quarantined: No
Authen: request 17443, timeouts 121, failover 10216, retransmission 106
Response: accept 6245, reject 308, challenge 10769
Response: unexpected 0, server error 0, incorrect 0, time 158ms
Transaction: success 17322, failure 16
Throttled: transaction 0, timeout 0, failure 0
Author: request 0, timeouts 0, failover 0, retransmission 0
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Account: request 2843, timeouts 14, failover 581, retransmission 14
Request: start 375, interim 0, stop 376
Response: start 375, interim 0, stop 376
Response: unexpected 0, server error 0, incorrect 0, time 157ms
Transaction: success 2829, failure 0
Throttled: transaction 0, timeout 0, failure 0
Elapsed time since counters last cleared: 8w6h17m
Estimated Outstanding Access Transactions: 0
Estimated Outstanding Accounting Transactions: 0
Estimated Throttled Access Transactions: 0
Estimated Throttled Accounting Transactions: 0
Maximum Throttled Transactions: access 0, accounting 0
Requests per minute past 24 hours:
high - 1 hours, 15 minutes ago: 4
low - 0 hours, 0 minutes ago: 0
average: 0

RADIUS: id 2, priority 3, host 10.1.1.11, auth-port 1812, acct-port 1813
State: current UP, duration 1678117s, previous duration 60s
Dead: total time 1059s, count 20
Quarantined: No
Authen: request 28, timeouts 19, failover 14, retransmission 14
Response: accept 8, reject 0, challenge 1
Response: unexpected 0, server error 0, incorrect 0, time 158ms
Transaction: success 9, failure 5
Throttled: transaction 0, timeout 0, failure 0
Author: request 0, timeouts 0, failover 0, retransmission 0
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Account: request 0, timeouts 0, failover 0, retransmission 0
Request: start 0, interim 0, stop 0
Response: start 0, interim 0, stop 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Elapsed time since counters last cleared: 8w6h17m
Estimated Outstanding Access Transactions: 0
Estimated Outstanding Accounting Transactions: 0
Estimated Throttled Access Transactions: 0
Estimated Throttled Accounting Transactions: 0
Maximum Throttled Transactions: access 0, accounting 0
Requests per minute past 24 hours:
high - 0 hours, 0 minutes ago: 0
low - 0 hours, 0 minutes ago: 0
average: 0

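After the re-add, edledge_2 (10.1.1.11) has moved from priority 2 to priority 3, and edledge_3 (10.1.1.12) has moved up to priority 2. This is how the priority of the Radius Servers can be changed on a Cisco Switch Stack.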
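The checks in Steps 3, 6 and 9 can be automated. The following is an added example, not part of the original article: it parses `sh aaa servers` output, compares the priority order with the intended one, and flags servers whose authentication requests mostly time out. The function names, the 0.5 threshold and the trimmed sample text are assumptions made for this example.

```python
import re

# Constructed sample: header and Authen lines trimmed from the Step 9 output.
SAMPLE = """\
RADIUS: id 1, priority 1, host 10.1.1.10, auth-port 1812, acct-port 1813
Authen: request 241247, timeouts 241157, failover 44, retransmission 168173
RADIUS: id 3, priority 2, host 10.1.1.12, auth-port 1812, acct-port 1813
Authen: request 17443, timeouts 121, failover 10216, retransmission 106
RADIUS: id 2, priority 3, host 10.1.1.11, auth-port 1812, acct-port 1813
Authen: request 28, timeouts 19, failover 14, retransmission 14
"""

HEADER = re.compile(r"RADIUS: id (\d+), priority (\d+), host (\S+),")
AUTHEN = re.compile(r"Authen: request (\d+), timeouts (\d+)")


def parse_aaa_servers(text):
    """Return one dict per RADIUS block, sorted by priority."""
    servers = []
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            servers.append({"id": int(m[1]), "priority": int(m[2]), "host": m[3]})
        elif servers and (m := AUTHEN.match(line)):
            # Counters belong to the most recent RADIUS header seen.
            servers[-1]["requests"] = int(m[1])
            servers[-1]["timeouts"] = int(m[2])
    return sorted(servers, key=lambda s: s["priority"])


def check_priority(text, expected_hosts, max_timeout_ratio=0.5):
    """Compare the priority order with the intended one and list findings."""
    servers = parse_aaa_servers(text)
    findings = []
    actual = [s["host"] for s in servers]
    if actual != expected_hosts:
        findings.append(f"order is {actual}, expected {expected_hosts}")
    for s in servers:
        reqs = s.get("requests", 0)
        if reqs and s["timeouts"] / reqs > max_timeout_ratio:
            findings.append(f"{s['host']} timed out on {s['timeouts']}/{reqs} auth requests")
    return findings


if __name__ == "__main__":
    for finding in check_priority(SAMPLE, ["10.1.1.10", "10.1.1.12", "10.1.1.11"]):
        print(finding)
```

Run against the counters shown in this article, the check reports that the priority 1 server 10.1.1.10 timed out on most of its authentication requests, which is worth investigating before relying on it as the first server tried.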


Source: Cisco, Lab, Knowledge Base

EA00117
