Recently I set up 2 FreeRadius servers. Both have the same config, and
the users and detail files all synced up. After adding the new radius
server to the list of authentication hosts and turning the new radius
server on, things worked fine. Dialup users were being authenticated, score.

However every hour or so the Ascend box will switch between
authenticating users between the newer and old radius server. An hour
later it will switch back. I have no idea as to why the Ascend box is
"bouncing" between the two radius servers. Authentication is being
performed successfully, I just don't know what's governing its behavior as
to what radius server it chooses.

The config on the radius servers looks good, also no errors or hiccups
in the log files. Also I can't find any round robin config on the
Ascend. Right now I'm looking at MAX TNT and/or Auth-Timeout values
being set too low, however both radius servers are only lightly loaded,
so that *shouldn't* be an issue.

I'm confused.

In the event this might be of some help, I've included some info from
the Ascend box.

admin> read external-auth
EXTERNAL-AUTH read
admin> list
[in EXTERNAL-AUTH]
auth-type = RADIUS
acct-type = radius
rad-serv-enable = no
rad-auth-client = { sugar.rockriver.net plum.rockriver.net 0.0.0.0 1645 1645 fl+
rad-acct-client = { sugar.rockriver.net plum.rockriver.net 0.0.0.0 1646 0 flibb+
rad-auth-server = { 0 no rad-serv-attr-any [ 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.+
tac-auth-client = { 0.0.0.0 0.0.0.0 0.0.0.0 0 0 "" 0 }
tacplus-auth-client = { 0.0.0.0 0.0.0.0 0.0.0.0 0 0 "" 0 0 }
tacplus-acct-client = { 0.0.0.0 0.0.0.0 0.0.0.0 0 0 "" }
password-profile = { Ascend-CLID Ascend-DNIS ascend ascend ascend ascend ascend+
local-profiles-first = lpf-no
noattr6-use-termsrv = yes
cli-user-auth = local-then-external
admin> list rad-auth-client
[in EXTERNAL-AUTH:rad-auth-client]
auth-server-1 = 0.0.0.0
auth-server-2 = 0.0.0.0
auth-server-3 = 0.0.0.0
auth-host-1 = sugar.rockriver.net
auth-host-2 = plum.rockriver.net
auth-host-3 = 0.0.0.0
auth-port = 1645
auth-src-port = 1645
auth-key = flibberty!needled!93
auth-pool = no
auth-timeout = 2
auth-rsp-required = no
auth-id-fail-return-busy = no
auth-id-timeout-return-busy = no
auth-sess-interval = 20
auth-TS-secure = yes
auth-Send67 = yes
auth-frm-adr-start = no
auth-boot-host = 0.0.0.0
auth-boot-host-2 = 0.0.0.0
auth-boot-port = 0
auth-reset-time = 0
auth-id-max-retry-time = 0
auth-radius-compat = vendor-specific
auth-keep-user-name = change-name
auth-realm-delimiters = @
id-auth-prefix = ""
allow-auth-config-rqsts = no
auth-req-delim-count = 1
auth-req-strip-side = right
auth-network-route-server = yes
id-auth-prefix-x25 = ""
allow-unencrypted-tunnel-password = no
auth-cli-user-dnis = ""
allow-nas-port-type-in-cli-user-auth = yes
--
Rock River Internet Roger Grunkemeyer
202 W. State St, 8th Floor grunky at rockriver.net
Rockford, IL 61101 815-968-9888