484 Configuring Communication with RADIUS320657-ACreating Server GroupsTo create a server group, you must first configure the RADIUS servers with their addresses and any optional parameters.After configuring RADIUS servers, type the following command:set server group group-name members server-name1 [server-name2] [server-name3][server-name4]For example, to create a server group called shorebirds with the RADIUS servers heron, egret, and sandpiper, type thefollowing commands:23x0# set radius server egret address 192.168.253.1 key apple23x0# set radius server heron address 192.168.253.2 key pear23x0# set radius server sandpiper address 192.168.253.3 key plum23x0# set server group shorebirds members egret heron sandpiperIn this example, a request to shorebirds results in the RADIUS servers being contacted in the order that they are listed inthe server group configuration, first egret, then heron, then sandpiper. You can change the RADIUS servers in servergroups at any time. (See “Adding Members to a Server Group” on page 485.)Ordering Server GroupsYou can configure up to four methods for authentication, authorization, and accounting (AAA). AAA methods can bethe local database on the WSS switch and/or one or more RADIUS server groups. You set the order in which the WSSswitch attempts the AAA methods by the order in which you enter the methods in CLI commands.In most cases, if the first method results in a pass or fail, the evaluation is final. If the first method does not respond orresults in an error, the WSS switch tries the second method and so on.However, if the local database is the first method in the list, followed by a RADIUS server group, the WSS switchresponds to a failed search of the database by sending a request to the following RADIUS server group. This exception iscalled local override.For more information, see “AAA Methods for IEEE 802.1X and Web Network Access” on page 412.Configuring Load BalancingYou can configure the WSS switch to distribute authentication requests across RADIUS servers in a server group, whichis called load balancing. Distributing the authentication process across multiple RADIUS servers significantly reducesthe load on individual servers while increasing resiliency on a systemwide basis.Note. Any RADIUS servers that do not respond are marked dead (unavailable) for aperiod of time. The unresponsive server is skipped over, as though it did not exist, during itsdead time. Once the dead time elapses, the server is again a candidate for receivingrequests. To change the default dead-time timer, use the set radius or set radius servercommand.