One of the methods used to authorize Internet services in Splynx is the RADIUS protocol. More details about the Splynx RADIUS server you can find in our article or in our documentation.

Starting from Splynx version 4.1, a new Radius failover module was added to work with the RADIUS protocol, ensuring higher reliability and fault tolerance.

What is a Radius failover? Radius failover is a module that allows you to create an additional server or servers that will act as a backup for the main Splynx RADIUS server in the event that the Splynx server is under maintenance or loses connection with the main server. At the same time, the router will automatically switch to the failover server and the end-user will not notice any problems in the operation of its services. Data synchronization between the primary and radius failover server(s) occurs approximately every 2 hours.

There are several benefits to using RADIUS failover, including:

• Improved availability: By having a secondary server ready to take over in case of a failure, you can ensure that users have uninterrupted access to network resources.
• Increased reliability: With a secondary server in place, you can reduce the risk of network outages caused by server failures.
• Better security: RADIUS failover can help protect against cyber attacks that target the primary server, as the secondary server can take over if the primary server is compromised.
• Simplified maintenance: With RADIUS failover, you can perform maintenance on the primary server without disrupting users, as the secondary server will handle authentication requests during the maintenance period.

Configuring radius failover takes place in several stages:

New – newly added server for radius failover (if it is enabled in the configuration, it immediately switches to Init status);

Init – the server initialization process when the necessary packages will be installed and the necessary data for the operation of the backup server will be synchronized (depending on the number of services on the main server, the initialization time may vary on different servers);

Syncing – the process of synchronizing data to ensure the correct operation of new services and after changes in existing services.

Synced – at this stage, all data is synchronized and the radius failover server is ready to work using the RADIUS protocol to provide AAA (authentication, authorization, accounting) tasks. Now you can specify it as another radius server on the router.

Settings:

First, you must have a Radius server configured on your Splynx server. You can learn how to configure the Splynx Radius server from our documentation.

The next stage of configuring radius failover. The setting is located in Config – Networking – Radius failover.

In the server addition window, you must specify the IP address of the backup server for RADIUS and SSH port and execute the commands on the backup server that will be offered in the server addition window. In order for the initialization process to start immediately, it must be turned on in the settings (enabled) and click Add.

After completing all initialization stages, you will have to wait until the process is completed on the remote server. You can view the status of services on the backup server in the radius failover configuration list.

An example of network topology with a failover server (radius auth request to the main server):

An example of a network topology with a failover server when the main one is under maintenance (radius auth request to failover server):

An example of setting up a Mikrotik router to use several Radius servers (main + failover):

An example of failover server operation for PPPoE connections:

And when we use Radius failover: