
F5 pool settings for load balancing Cisco ISE RADIUS servers

sudarshan_cheru
Altostratus

Hi, what's the best choice for the service-down-action setting when load balancing Cisco ISE RADIUS servers?

I have only one server in the pool, with the current F5 setup as below: default UDP profile, default source address persistence, and SNAT not allowed at the pool level.

I just want to know how I can better tune the setup to avoid RADIUS High Authentication Latency.

ltm virtual ise-1645-vip {
  destination 10.20.20.20:1645
  ip-protocol udp
  mask 255.255.255.255
  persist {
    source_addr {
      default yes
    }
  }
  pool ise-1645-pool
  profiles {
    udp { }
  }
  source 0.0.0.0/0
  translate-address enabled
  translate-port enabled
  vs-index 228
}

ltm pool ise-1645-pool {
  allow-snat no
  members {
    10.10.10.10:1645 {
      address 10.10.10.10
      priority-group 10
      session monitor-enabled
      state up
    }
  }
  min-active-members 1
  monitor radius-ise
  service-down-action reset
}

ltm monitor radius radius-ise {
  debug no
  defaults-from radius
  destination *:*
  interval 180
  password "****"
  secret "****"
  time-until-up 0
  timeout 361
  username HealthCheck
}

1 REPLY

AtulAnand
Altostratus

You may like to use a fastL4 profile.

Also, if you want to, tweak the buffer size of the UDP profile and validate.