Hi, We've run into a problem with our freeradius server virtual machine. It's a RHEL5.5 VM running on ESXi 4.1 and it talks to a cisco NAS. It currently works but we have performance issues, which I have partly tracked down to a very specific VMware issue - if running linux with more than 1 vCPU, vmxnet3 NIC connected to a distributed vSwitch. The work around is to change the network adapters to something other than a vmxnet3 adapter.
However, this is where my radius problem comes in. When I change the NICs, the MAC address changes, which means I need to setup the static IP addresses again. Not a problem and I can then ping the cisco device and the cisco device can ping the radius server. The problem is, no radius traffic flows between them. Since this is a VM, I took a snapshot first, so rolling back to the snapshot started radius working again with the vmxnet3 adapter and the old MAC address. iptables is disabled so there are no firewall issues. The arp table on the cisco device has had the old MAC address entry for the radius server removed and it detects the new MAC address correctly after a ping. Is there something I have missed that binds radius to a specific MAC address? The MAC address change is the only thing I can think of, but may have nothing to do with it. Running radtest on the radius server would appear to show that radius is authenticating successfully and the radius.log shows radius started and ready to accept connections. Can anyone offer suggestions? I can provide the output from radiusd -X if needed but will take me a day or two to get it since this is on a production server that can only be worked on at 3am! The VM is configured with 2 vCPU and 4GB RAM. The cisco NAS is reporting approx 2000 requests a minute, so not exactly super busy. I've seen other posts in the mailing list suggesting FreeRADIUS can cope with 1000's per second! Many thanks, Roly. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html