Cisco 4700M Configuration Manual page 112

Chapter 2 Configuring Authentication and Accounting Services
Configuring the ACE as a Client of a RADIUS, TACACS+, or LDAP Server
Setting the Dead-Time Interval for a RADIUS Server Group
For a RADIUS server group, you can specify a dead-time interval for the server
group. During the dead-time interval, the ACE sends probe access-request packets
to verify that the RADIUS server is available and can receive authentication
requests. The dead-time interval starts when the server does not respond to an
authentication request transmissions. When the server responds to a probe
access-request packet, the ACE retransmits the authentication request to the
server.
Use the deadtime command to globally set the time interval in which the ACE
verifies whether a nonresponsive server group is operational.
This command causes the ACE to mark any RADIUS servers that fail to respond
to authentication requests as dead. This action avoids the wait for the request to
time out before trying the next configured server. The ACE skips a RADIUS
server that is marked as dead by sending additional requests for the duration of the
minutes argument.
The syntax of this command is as follows:
deadtime minutes
The minutes argument is the length of time that the ACE skips a nonresponsive
RADIUS server for transaction requests. Valid entries are from 0 to 1440 minutes
(24 hours). The default is 0.
For example, to globally configure a 15-minute dead-time interval for RADIUS
servers that fail to respond to authentication requests, enter:
host1/Admin(config-radius)# deadtime 15
To reset the RADIUS server dead-time interval to 0, enter:
host1/Admin(config-radius)# no deadtime 15
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
2-42
OL-16202-01