Q: How to troubleshoot that radius up-down occurs to MA5200?
A: The detection scheme of MA5200 for RADIUS: the authentication and accounting packet of a user is transmitted to the active authentication and accounting server in RADIUS server group, and the active RADIUS server should respond it with packets generally, so the active RADIUS server will be UP; for one authentication or accounting packet, if MA5200 gets no response after retransmission of several times (it is configurable, 3 by default), it is regarded that RADIUS is not available, and it prints an alarm that RADIUS server DOWN. So the authentication and accounting packets will be sent to the standby RADIUS server, realizing the switchover.
If it prompts an alarm of RADIUS UP/DOWN, the root reason lies in that an authentication or accounting packet (including those retransmitted) transmitted by MA5200 gets no response. So the troubleshooting of RADIUS UP/DOWN is the same as that of no response for RADIUS authentication and accounting packet.
Generally, RADIUS has a great deal of load, and occasional RADIUS UP/DOWN will not influence the authentication and accounting requests of BAS equipment. MA5200 can detect the state of RADIUS automatically. If the active RADIUS server is DOWN, MA5200 will try to transmit packets to the active RADIUS, and if only it responds, the active RADIUS will turn to UP. If RADIUS UP/DOWN occurs frequently, it needs to check:
1. Whether or not RADIUS has a large load, and it takes a long time to process packets.
2. Whether or not the links from MA5200 to RADIUS is poor in quality, and the delay of packets is very long.
For the problem caused by first point, improve the configuration of RADIUS server or add a new server for load balance; for the problem caused by second point, it needs to optimize the network, and you can prolong the timeout span at MA5200 once necessary.