2.5 Retransmission Hints

2.5. Retransmission Hints

If the RADIUS server and alternate RADIUS server share the same shared secret, it is OK to retransmit the packet to the alternate RADIUS server with the same ID and Request Authenticator, because the content of the attributes haven't changed. If you want to use a new Request Authenticator when sending to the alternate server, you may.

If you change the contents of the User-Password attribute (or any other attribute), you need a new Request Authenticator and therefore a new ID.

If the NAS is retransmitting a RADIUS request to the same server as before, and the attributes haven't changed, you MUST use the same Request Authenticator, ID, and source port. If any attributes have changed, you MUST use a new Request Authenticator and ID.

A NAS MAY use the same ID across all servers, or MAY keep track of IDs separately for each server, it is up to the implementer. If a NAS needs more than 256 IDs for outstanding requests, it MAY use

additional source ports to send requests from, and keep track of IDs for each source port. This allows up to 16 million or so outstanding requests at one time to a single server.