Dead RADIUS server detection
Brocade devices support authentication using up to eight RADIUS servers, including those used for authentication and for management.
The device tries to use the servers in the order they are added to the device configuration. If one RADIUS server times out (does not respond), the Brocade device tries the next one in the list. Servers are tried in the same sequence each time there is a request and if multiple servers are unavailable or not responding, it will result in authentication delay.
The RADIUS servers that are unavailable or that have stopped responding can be detected and marked as dead servers using the radius-server test command. To test the availability of the server, an Access-Request message is sent to the RADIUS server using a non-existent username. This username should not be configured on the server, so that the server responds with Access-Reject message if the server is available. If the Brocade device does not receive a response from a RADIUS server within a specified time limit and number of retries, the RADIUS server is marked as dead. The time limit and number of retries can be manually configured using the radius-server timeout and radius-server retransmit commands respectively. If the parameters are not manually configured, the Brocade device applies the default value of 3 seconds with a maximum of 3 retries. The interval at which the test message to check the status of the server is sent can be configured using the radius-server dead-time command.
device# radius-server test sample device(config)# configure terminal device(config)#radius-server dead-time 5 device(config)# exit device# show radius server ---------------------------------------------------------------------------- Server Type Opens Closes Timeouts Status ---------------------------------------------------------------------------- 10.20.226.113 any 471 247 1 active 10.20.226.114 any 471 247 1 dead