Load balancing the ISE services RADIUS and HTTPS
I'm trying to load balance the Cisco ISE RADIUS and HTTPS services using the F5 LTM. To set up the iRule I'm following the procedure given on the Cisco portal.
For guest portal authentication it is required to match the RADIUS authentication with the HTTP session and ensure that they all land on the same server.
In this guide they have given the iRules for the RADIUS and HTTPS services, but when I apply the RADIUS iRule, F5 drops all the connections. It receives the connection but it doesn't forward the connection to the pool members.
iRule code for RADIUS VS:

    # adding persistence based on Calling-Station-ID
    when LB_SELECTED {
        log local0. "session table entry added: "
        session add uie "persist:[RADIUS::avp 31]" [LB::server addr]
    }
    # lookup and adding persistence based on Framed-IP-Addr
    when CLIENT_ACCEPTED {
        log local0. "session table lookup result for calling station ID of [RADIUS::avp 31]: [session lookup uie "persist:[RADIUS::avp 31]"]"
        if {[session lookup uie "persist:[RADIUS::avp 31]"] ne ""} {
            log local0. "lookup match: [session lookup uie "persist:[RADIUS::avp 31]"]"
            node [session lookup uie "persist:[RADIUS::avp 31]"]
            log local0. "session table entry added: "
            session add uie "persist:[RADIUS::avp 8]" [session lookup uie "persist:[RADIUS::avp 31]"]
        }
    }

iRule code for HTTP VS:

    # lookup based on client_addr expecting to match entry created based on Framed-IP-Addr
    when HTTP_REQUEST {
        log local0. "session table lookup result for web client of [IP::client_addr]: [session lookup uie "persist:[IP::client_addr]"]"
        if {[session lookup uie "persist:[IP::client_addr]"] ne ""} {
            node [session lookup uie "persist:[IP::client_addr]"]
        }
    }

In /var/log/ltm I can see the errors below:
Aug 29 08:47:13 LB-01 info tmm[16932]: Rule /Common/RADIUS_VS : session table lookup result for calling station ID of b4-6b-fc-db-13-1b:
Aug 29 08:47:13 LB-01 err tmm[16932]: 01220001:3: TCL error: /Common/RADIUS_VS - More data required (line 1) (line 1) invoked from within "RADIUS::avp 31"
I have checked that the Calling-Station-ID value is showing up in the RADIUS server logs; I'm not sure why the iRule is giving an error and dropping the traffic.
I'm a newbie and I'm still learning iRules. Any help appreciated.
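
Added example, not part of the original post or the Cisco guide: a Python model of the persistence logic the two iRules above are meant to implement, with a strict RADIUS attribute parser that rejects packets whose data is incomplete. `parse_avps`, `PersistTable` and `build_packet` are hypothetical names, the packets are constructed samples, and the dictionary only stands in for the LTM session table; it does not reproduce F5 behaviour.

```python
import ipaddress
import struct

CALLING_STATION_ID = 31   # RFC 2865 attribute type
FRAMED_IP_ADDRESS = 8     # RFC 2865 attribute type

def parse_avps(packet: bytes) -> dict:
    """Return {type: value_bytes} for a RADIUS packet (first occurrence wins)."""
    if len(packet) < 20:
        raise ValueError("short packet: RADIUS header is 20 bytes")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field exceeds received data")
    avps, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        avps.setdefault(a_type, packet[pos + 2:pos + a_len])
        pos += a_len
    return avps

class PersistTable:
    """Stand-in for the session table shared by the RADIUS and HTTP virtual servers."""
    def __init__(self):
        self.table = {}

    def on_radius(self, packet: bytes, lb_pick: str) -> str:
        avps = parse_avps(packet)
        mac = avps[CALLING_STATION_ID].decode()
        # First packet for this MAC pins the server; later packets reuse it.
        server = self.table.setdefault("persist:" + mac, lb_pick)
        if FRAMED_IP_ADDRESS in avps:   # only when the packet carries the client IP
            ip = str(ipaddress.IPv4Address(avps[FRAMED_IP_ADDRESS]))
            self.table["persist:" + ip] = server
        return server

    def on_http(self, client_addr: str, lb_pick: str) -> str:
        # Guest portal request follows the RADIUS session if an entry exists.
        return self.table.get("persist:" + client_addr, lb_pick)

def build_packet(code: int, avps: list) -> bytes:
    """Build a constructed sample packet (zeroed authenticator)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in avps)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body
```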