Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EOL/EOE] [WLC] How to configure and load-balance Radius Server Groups in WLC

0

0
Article ID: KB32274 KB Last Updated: 03 Dec 2020Version: 2.0 Summary:

Note: A product listed in this article has either reached hardware End of Life (EOL) OR software End of Engineering (EOE).  Refer to End of Life Products & Milestones for the EOL, EOE, and End of Support (EOS) dates.

 

This article explains how to configure and load-balance Radius Server Groups in WLC.

 

Solution:

Configuring RADIUS Server Groups

  •  A server group has up to four RADIUS servers. Before using a RADIUS server for authentication, first create a RADIUS server group and then add the RADIUS server to the group.

  • Load balancing can also be configured so that authentications are distributed between servers in the group. You must declare all members of a server group, in contact order, when creating the group.

  • Once the group is configured, use a server group name as the AAA method with the set authentication and set accounting commands. Subsequently, you can change the members of a group or configure load balancing.

  • If you add or remove a RADIUS server in a server group, all the RADIUS dead timers for that server group are reset to the global default.


Creating Server Groups

  • To create a server group, you must have the RADIUS servers configured. 

  • After configuring RADIUS servers, type the following command:

    #set server group group-name members server-name1 [server-name2] [server-name3] [server-name4]

    For example, to create a server group called shorebirds with the RADIUS servers heron, egret, and sandpiper, type the following commands:

    WLC# set radius server egret address 192.168.253.1 key apple
    WLC# set radius server heron address 192.168.253.2 key pear
    WLC# set radius server sandpiper address 192.168.253.3 key plum
    WLC# set server group shorebirds members egret heron sandpiper

    In this example, a request to shorebirds contacts the RADIUS servers in the order listed in the server group configuration, first egret, then heron, then sandpiper. You can change the RADIUS servers in server groups at any time.

Configuring Load Balancing

  • You can also configure the WLC to distribute authentication requests across RADIUS servers in a server group. Distributing the authentication process across multiple RADIUS servers significantly reduces the load on individual servers while increasing resiliency on a system-wide basis.

  • When you configure load balancing, the first client RADIUS requests are directed to the first server in the group, the second client RADIUS requests are directed to the second server in the group, and so on. When the last server in the group is reached, the cycle is repeated.

To configure load balancing, use the following command:

 #set server group group-name load-balance enable

 Example configuring RADIUS servers pelican and seagull as the server group swampbirds with load balancing:

  1. Configure the members of a server group by typing the following command:

    WLC# set server group swampbirds members pelican seagull
    success: change accepted.

  2. Enable load balancing by typing the following command:

    WLC# set server group swampbirds load-balance enable
    success: change accepted.

Example configuring Servergroup:

  • In this example, there are two pre-configured radius servers with the following IP address
    Radius Server 1: 10.9.221.231
    Radius Server 2: 10.9.221.250

  • configuring radius servers egret and heron with the below commands:
    #set radius server egret address 10.9.221.232 key apple
    #set radius server heron address 10.9.221.250 key pear

  • Adding these two radius servers to a radius group shorebirds with the below command:
    #set server group shorebirds members egret heron.

  • After adding these members to the server group shorebirds, configuring load-balancing with the below command:
    #set server group shorebirds load-balance enable.

  • Once the configuration has been done, we can verify the server group by typing the below command.

     WLC#    show radius
 Radius Servers
 Server            Addr           Ports           T/o     Tries     Dead     State
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 heron             10.9.221.232   1812    1813    5       3          0       UP
 egret             10.9.221.250   1812    1813    5       3          0       UP
 
Server groups

                       shorebirds (load-balanced):  heron egret
Modification History:

2020-12-03: Tagged article for EOL/EOE

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search