Author Topic: Radius-802.1X Secondary server problem  (Read 491 times)

gobris

Radius-802.1X Secondary server problem
« on: June 14, 2019, 05:56:57 AM »

Hello
I have a D-Link 1510-28 with the 1.60 firmware, which was released recently.

I have one bug report and one missing option on 802.1X, both of which are very important.
First, the missing option.
There is no "radius fail" option in the configuration. I mean, if the RADIUS server fails (it might be down, or there might be a network problem), you cannot set any default VLAN so that users can go on using the network. Cisco users might know this as the "authentication event server dead action" and "dot1x critical" commands, with which you can set how to behave in case of a RADIUS server failure (not a user failure). So if your RADIUS server fails, all users will be on the guest VLAN only, which is not acceptable in most cases.

The second case is a serious bug.
I set up two RADIUS servers on my network and configured them on my D-Link switch for failsafe operation.
My config is:
radius-server deadtime 1
radius-server host 10.1.3.11 key XXXXXX
radius-server host 10.1.3.10 key XXXXXX

which means a deadtime of 1 minute, and I expect the switch to try the second RADIUS server if the first one goes down.

After this configuration, I blocked all TCP/UDP traffic between the switch and the 1st RADIUS server with my firewall. I tried a few times to get an authentication failure, to start the deadtime process.

After 5 minutes, in the web GUI the 1st RADIUS server was still in status "UP", and according to the stats, the switch was only trying the first RADIUS server, not the second one.
This makes it impossible to use the backup RADIUS server in any case.

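The failover the post expects from "radius-server deadtime 1" with two hosts, modelled as an added example (not part of the original post and not D-Link firmware code). The class and function names, the retry count of 3 and the request times are assumptions; the two server addresses are the ones from the posted config.

```python
# Added example: model of the expected failover, not D-Link firmware code.
from dataclasses import dataclass

@dataclass
class Server:
    host: str
    dead_until: float = 0.0  # server is skipped while now < dead_until
    attempts: int = 0        # requests sent, like the per-server stats

class FailoverClient:
    def __init__(self, hosts, deadtime_min=1, retries=3):
        # retries=3 is an assumed per-server retransmit count
        self.servers = {h: Server(h) for h in hosts}  # dict keeps config order
        self.deadtime = deadtime_min * 60
        self.retries = retries

    def status(self, host, now):
        return "DOWN" if now < self.servers[host].dead_until else "UP"

    def authenticate(self, now, reachable):
        """Return the host that answered, or None if no server answered."""
        live = [s for s in self.servers.values() if now >= s.dead_until]
        for s in live or list(self.servers.values()):  # all dead: try all again
            for _ in range(self.retries):
                s.attempts += 1
                if s.host in reachable:
                    return s.host
            s.dead_until = now + self.deadtime  # no reply: start the dead timer
        return None

def run_scenario():
    """Constructed test: primary firewalled, secondary reachable."""
    client = FailoverClient(["10.1.3.11", "10.1.3.10"], deadtime_min=1)
    log = []
    for t in (0, 20, 40, 90):  # seconds; 90 is after the dead timer expired
        answered = client.authenticate(t, reachable={"10.1.3.10"})
        log.append((t, answered, client.status("10.1.3.11", t)))
    return client, log

if __name__ == "__main__":
    client, log = run_scenario()
    for row in log:
        print(row)
    print({h: s.attempts for h, s in client.servers.items()})
```

In this model the per-server attempt counters are what to compare against the switch's statistics page: the secondary's counter rises on every request, while the primary's rises only on the first request and again after each dead timer expiry.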