Unexpected behaviour on radius server priority

noc.tlc · May 6, 2026, 2:46pm

Hi,

I’m using vyos as a BNG server and I’ve configured two radius servers under the pppoe-server section as one should be in failover to the other.

Unfortunately the Accounting-Request and the Access-Request messages are sent randomly between the two configured servers.

Am I doing something wrong with the configuration? It’s this one and ip 1.1.1.1 should be the primary while 2.2.2.2 the secondary

set service pppoe-server authentication mode ‘radius’
set service pppoe-server authentication protocols ‘pap’
set service pppoe-server authentication radius accounting-interim-interval ‘3600’
set service pppoe-server authentication radius called-sid-format ‘ifname’
set service pppoe-server authentication radius nas-identifier ‘REDACTED’
set service pppoe-server authentication radius preallocate-vif
set service pppoe-server authentication radius server 1.1.1.1 acct-port ‘1813’
set service pppoe-server authentication radius server 1.1.1.1 fail-time ‘10’
set service pppoe-server authentication radius server 1.1.1.1 key ‘REDACTED’
set service pppoe-server authentication radius server 1.1.1.1 port ‘1812’
set service pppoe-server authentication radius server 1.1.1.1 priority ‘1’
set service pppoe-server authentication radius server 2.2.2.2 acct-port ‘1813’
set service pppoe-server authentication radius server 2.2.2.2 fail-time ‘10’
set service pppoe-server authentication radius server 2.2.2.2 key ‘REDACTED’
set service pppoe-server authentication radius server 2.2.2.2 port ‘1812’
set service pppoe-server authentication radius server 2.2.2.2 priority ‘2’

output of command “show pppoe-server statistics”

show pppoe-server statistics
uptime: 2.06:34:48
cpu: 0%
mem(rss/virt): 10112/308760 kB
core:
mempool_allocated: 196975
mempool_available: 162895
thread_count: 4
thread_active: 1
context_count: 17
context_sleeping: 48
context_pending: 0
md_handler_count: 9
md_handler_pending: 0
timer_count: 6
timer_pending: 0
sessions:
starting: 0
active: 2
finishing: 0
pppoe:
starting: 0
active: 2
delayed PADO: 0
recv PADI: 34877
drop PADI: 0
sent PADO: 34853
recv PADR(dup): 45(1)
sent PADS: 45
filtered: 0
radius(2, 1.1.1.1):
state: active
fail count: 0
request count: 0
queue length: 0
auth sent: 5
auth lost(total/5m/1m): 0/0/0
auth avg query time(5m/1m): 0/0 ms
acct sent: 7
acct lost(total/5m/1m): 0/0/0
acct avg query time(5m/1m): 0/0 ms
interim sent: 50
interim lost(total/5m/1m): 0/0/0
interim avg query time(5m/1m): 0/0 ms
radius(3, 2.2.2.2):
state: active
fail count: 0
request count: 0
queue length: 0
auth sent: 3
auth lost(total/5m/1m): 0/0/0
auth avg query time(5m/1m): 1039/0 ms
acct sent: 2
acct lost(total/5m/1m): 0/0/0
acct avg query time(5m/1m): 0/0 ms
interim sent: 0
interim lost(total/5m/1m): 0/0/0
interim avg query time(5m/1m): 0/0 ms

Thanks in advance

noc.tlc · May 11, 2026, 1:30pm

Hi,

someone here has experimented something similar?
Can you point me toward a direction?

Thanks

a.kudientsov · May 13, 2026, 6:02pm

Hi! Could you try the following:

  delete service pppoe-server authentication radius server 1.1.1.1 priority
  delete service pppoe-server authentication radius server 2.2.2.2 priority
  set    service pppoe-server authentication radius server 2.2.2.2 backup

a.kudientsov · May 13, 2026, 6:07pm

Looking at the source code - vyos-1x/data/templates/accel-ppp/config_chap_secrets_radius.j2 at current · vyos/vyos-1x · GitHub

it appears that the cli priority option is being emitted to accel‑ppp as weight=N

{%         if options.priority is vyos_defined %}
{%             set _server_cfg = _server_cfg + ",weight=" + options.priority %}
{%         endif %}

noc.tlc · May 14, 2026, 8:07am

Hi,

many many many thanks for the answer, i confirm that in this way it’s working correctly!

A little note, if you want i can open a new thread, i’ve noticed in several commands that the “delete” action in reality doesn’t delete the commands, only a new “set” or a fresh reboot let things work as expected, I can give you a couple of examples

I did the “delete” commands you asked me, but without rebooting the Accounting requests (port 1813) keep went on the “priority 1” radius, while the Auth&Auth (port 1812) went on the “priority 2” one, despite several up & down of different pppoe

So i rebooted the router and all is working correctly.

The same thing happened with the delete of the radius server source interface, and another couple of commands not related to the pppoe-server

Let me know if you want me to open a new bug thread, so you can analyze it properly

Thanks again for the solution, and the explanation given

a.kudientsov · May 14, 2026, 8:18am

Thanks for the confirmation, good to hear this resolves the issue. Kindly create a https://vyos.dev/ ticket with info to reproduce the problem you described