Forum Discussion
f5 pool settings for loadbalancing cisco ISE radius servers
Hi , whats the best choice to choose , service-down-action settings for the cisco ISE radius server loadbalancing.
I have only one server under the pool with current f5 setup as below. UDP default profiile, Default Source address Persistence and no snat allow at pool level.
Just want to know , how better i can tune the setup to avoid Radius High Authentication Latency.
ltm virtual ise-1645-vip {
destination 10.20.20.20:1645
ip-protocol udp
mask 255.255.255.255
persist {
source_addr {
default yes
}
}
pool ise-1645-pool
profiles {
udp { }
}
source 0.0.0.0/0
translate-address enabled
translate-port enabled
vs-index 228
}
ltm pool ise-1645-pool {
allow-snat no
members {
10.10.10.10:1645 {
address 10.10.10.10
priority-group 10
session monitor-enabled
state up
}
}
min-active-members 1
monitor radius-ise
service-down-action reset
}
ltm monitor radius radius-ise {
debug no
defaults-from radius
destination *:*
interval 180
password "****"
secret "****"
time-until-up 0
timeout 361
username HealthCheck
}
- AtulAnandAltostratus
You may like to use fastL4 profile.
Also, if you wanna tweak buffer size of udp profile and validate.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com