Recently I setup 2 FreeRadius servers. Both have the same config, and the users and detail files all synced up. After adding the new radius server to the list of authentication hosts and turning the new radius server on things worked fine. Dialup users were being authenticated, score. However every hour or so the Ascend box will switch between authenticating users between the newer and old radius server. An hour later it will switch back. I have no idea as to why the Ascend box is "bouncing" between the two radius servers. Authentication is being performed sucessfully, I just don't know whats governing it behavior as to what radius server it chooses. The config on the radius servers looks good, also no errors or hic-ups in the log files. Also I can't find any round robin config on the ascend. Right now I'm looking at MAX TNT and/or Auth-Timeout values being set to low, however both radius servers are only lightly loaded, so that *shouldn't* be an issue. I'm confused. In the event this might be of some help, I've included some info from the ascend box. admin> read external-auth EXTERNAL-AUTH read admin> list [in EXTERNAL-AUTH] auth-type = RADIUS acct-type = radius rad-serv-enable = no rad-auth-client = { sugar.rockriver.net plum.rockriver.net 0.0.0.0 1645 1645 fl+ rad-acct-client = { sugar.rockriver.net plum.rockriver.net 0.0.0.0 1646 0 flibb+ rad-auth-server = { 0 no rad-serv-attr-any [ 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.+ tac-auth-client = { 0.0.0.0 0.0.0.0 0.0.0.0 0 0 "" 0 } tacplus-auth-client = { 0.0.0.0 0.0.0.0 0.0.0.0 0 0 "" 0 0 } tacplus-acct-client = { 0.0.0.0 0.0.0.0 0.0.0.0 0 0 "" } password-profile = { Ascend-CLID Ascend-DNIS ascend ascend ascend ascend ascend+ local-profiles-first = lpf-no noattr6-use-termsrv = yes cli-user-auth = local-then-external admin> list rad-auth-client [in EXTERNAL-AUTH:rad-auth-client] auth-server-1 = 0.0.0.0 auth-server-2 = 0.0.0.0 auth-server-3 = 0.0.0.0 auth-host-1 = sugar.rockriver.net auth-host-2 = plum.rockriver.net auth-host-3 = 0.0.0.0 auth-port = 1645 auth-src-port = 1645 auth-key = flibberty!needled!93 auth-pool = no auth-timeout = 2 auth-rsp-required = no auth-id-fail-return-busy = no auth-id-timeout-return-busy = no auth-sess-interval = 20 auth-TS-secure = yes auth-Send67 = yes auth-frm-adr-start = no auth-boot-host = 0.0.0.0 auth-boot-host-2 = 0.0.0.0 auth-boot-port = 0 auth-reset-time = 0 auth-id-max-retry-time = 0 auth-radius-compat = vendor-specific auth-keep-user-name = change-name auth-realm-delimiters = @ id-auth-prefix = "" allow-auth-config-rqsts = no auth-req-delim-count = 1 auth-req-strip-side = right auth-network-route-server = yes id-auth-prefix-x25 = "" allow-unencrypted-tunnel-password = no auth-cli-user-dnis = "" allow-nas-port-type-in-cli-user-auth = yes -- Rock River Internet Roger Grunkemeyer 202 W. State St, 8th Floor grunky at rockriver.net Rockford, IL 61101 815-968-9888