radiusd service failing for 802.1x

  • 1
  • Question
  • Updated 2 years ago
  • (Edited)
We are currently running a 50/50 mix AP230s (6.4r1g.2138 )  & AP370s (6.5r2.2305)
WPA2 enterprise, with Open LDAP directory, initial plan was to use our own FreeRadius Servers, but I couldn't get this to work correctly so switched to using APs for Radius. 

Currently our primary RADIUS server is an AP370, but as the number of users has increased we started noticing problems, and examining the AP's log shows that the radiusd service is terminated about every 81 seconds, see log extract below.

We are looking now to move radius back to our own servers, but in the meantime:

1) How can I use mutliple APs as radius servers? I have four servers but only the primary is used. I don't want to have four policies for this and I don't want to set them from the CLI. Is there a DHCP option for RADIUS, I've seen this alluded to somewhere.

2) Any ideas on how to fix this?
I've looked at a post mentioning 'show aaa radius-server cache' but we don't seem to behitting this limit.

Any useful hints appreciated :-)

015-10-19 17:00:38 info    ah_top: radiusd just bootup, skip first timer circle monitor.2015-10-19 17:00:27 info    radiusd[5116]: Ready to process requests.
2015-10-19 17:00:27 info    radiusd[5116]: Init RADIUS threads
2015-10-19 17:00:27 info    radiusd[5116]: radiusd inform PM to start monitor.
2015-10-19 17:00:27 info    radiusd[5116]: RADIUS: add proxy port 1814 idx 0 to fe
2015-10-19 17:00:27 info    radiusd[5116]: Loaded virtual server <default>
2015-10-19 17:00:27 info    radiusd[5116]: Core dumps are enabled.
2015-10-19 17:00:27 info    radiusd: Init RADIUS lib
2015-10-19 17:00:27 info    radiusd: Register the LDAP port (389) to the self pkt list
2015-10-19 17:00:26 info    ah_scd: Send signal SIGTERM to Radiusd.
2015-10-19 17:00:25 info    radiusd[29560]: Exiting normally.
2015-10-19 17:00:25 info    radiusd[29560]: radiusd inform PM to stop monitor.
2015-10-19 17:00:25 info    radiusd[29560]: mpi close radiusd/blockreply(0x6002a)
2015-10-19 17:00:25 info    radiusd[29560]: mpi close radiusd/blockevt(0x5002a)
2015-10-19 17:00:25 info    radiusd[29560]: mpi close radiusd/lowestevtlib(0x2002a)
2015-10-19 17:00:25 info    radiusd[29560]: mpi close radiusd/hievtlib(0x4002a)
2015-10-19 17:00:25 info    radiusd[29560]: mpi close radiusd/evtlib(0x3002a)
Photo of Kevin Gee

Kevin Gee

  • 54 Posts
  • 4 Reply Likes

Posted 2 years ago

  • 1
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2487 Posts
  • 449 Reply Likes
Hi Kevin,

You should definitely contact official support if the radiusd service is terminating unexpectedly. This community forum is not the appropriate primary venue for resolving issues like that.

You would need to split to using multiple Network Policies to split the load if that is an issue, which obviously is not ideal.

There is not a DHCP option that you can use here. Considering how granular and specific the configuration on an AP can be, this just would not work.

Honestly, as you have likely surmised, you should use external RADIUS servers rather than the built-in ones in larger deployments. The built-in RADIUS server, which incidentally is older FreeRADIUS based, are intended to be a convenience feature for smaller deployments.

If you are ever looking in to using multiple APs as RADIUS servers to cope with the load, that should be a red flag that you are doing the wrong thing.

The FreeRADIUS mailing list is a great resource to get help with its configuration. It can be a little hostile to those who have not read the documentation beforehand though! :P

Do not use Linux distribution supplied versions of FreeRADIUS which are nearly always highly out-of-date and buggy, in the Debian/Ubuntu case going all the way back to 2011!

You should also consider Radiator if some money is available:


It is not prohibitively expensive and you should find it easier to configure.