We have multiple POPs pointing to a single FreeRadius server for PPPoE auth/accounting. The Winbox for ROS seems to allow only one Radius server IP to be specified and does not seem to accept a DNS name.
The problem to solve is that Radius becomes a single point of failure for all POPs. To begin to address this, a second FreeRadius daemon is running on another internal private routed network and all data is replicated bi-directionally between the two with MySQL. Now, the failover needs to be worked out.
Radius 1: 10.5.2.11 (primary radius server)
Radius 2: 10.6.2.11 (hot standby radius server with MySQL replication to primary)
One idea I had was to create a "virtual" Radius IP, say 10.2.2.11, that forwards to the primary Radius server first and to the standby Radius server if the primary is not responding to Ping or other test.
I started to consider perhaps NAT/Mangle as an approach. Not sure that I am on the right track. I'm hoping to find a best practice of sorts that addresses the challenge. Has anyone seen any good examples/references that might apply?
Any advice much appreciated!!
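Added example, not part of the original post: a sketch of the "other test" mentioned above, probing the primary with an authenticated RADIUS Status-Server request (RFC 5997) instead of ping, and switching between the two addresses with hysteresis so a single lost packet does not flip all POPs. It assumes the FreeRadius servers are configured to answer Status-Server from the probing host and that the shared secret is known; `probe`, `Failover` and the thresholds are hypothetical names and values.

```python
import hashlib, hmac, os, socket, struct

PRIMARY, STANDBY = "10.5.2.11", "10.6.2.11"   # addresses from the post

def build_status_server(secret: bytes, ident: int, req_auth: bytes) -> bytes:
    """RADIUS Status-Server (code 12) carrying a Message-Authenticator attribute."""
    length = 20 + 18                              # header + attribute 80
    head = struct.pack("!BBH", 12, ident, length) + req_auth
    zeroed = head + bytes([80, 18]) + bytes(16)   # HMAC is computed over a zeroed field
    mac = hmac.new(secret, zeroed, hashlib.md5).digest()
    return head + bytes([80, 18]) + mac

def reply_is_valid(reply: bytes, req_auth: bytes, ident: int, secret: bytes) -> bool:
    """Accept only a reply whose Response Authenticator proves knowledge of the secret."""
    if len(reply) < 20 or reply[1] != ident:
        return False
    length = struct.unpack("!H", reply[2:4])[0]
    if length < 20 or length > len(reply):
        return False
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:length] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def probe(host: str, secret: bytes, port: int = 1812, timeout: float = 2.0) -> bool:
    """One health probe; True only if the server returned an authentic reply."""
    ident, req_auth = os.urandom(1)[0], os.urandom(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_status_server(secret, ident, req_auth), (host, port))
            reply, _ = s.recvfrom(4096)
        except OSError:                           # timeout, unreachable, refused
            return False
    return reply_is_valid(reply, req_auth, ident, secret)

class Failover:
    """Switch to standby after `down` failed probes, back after `up` good ones."""
    def __init__(self, down: int = 3, up: int = 5):
        self.down, self.up, self.fails, self.oks, self.active = down, up, 0, 0, PRIMARY

    def record(self, primary_ok: bool) -> str:
        self.fails = 0 if primary_ok else self.fails + 1
        self.oks = self.oks + 1 if primary_ok else 0
        if self.active == PRIMARY and self.fails >= self.down:
            self.active = STANDBY
        elif self.active == STANDBY and self.oks >= self.up:
            self.active = PRIMARY
        return self.active
```

Feeding `Failover.record(probe(PRIMARY, secret))` on a timer yields the address the virtual IP should forward to; how that forwarding rule is updated on the router is left out here.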