AAA Config on Router

Answered Question
Aug 25th, 2010

I found the following config on one the routers.The tacacs-server's are defined both in groups as well as individually. Which one can I remove?

aaa group server tacacs+ mytacgrp
server X.X.80.55
server Y.Y.126.50

aaa authentication login default group tacacs+ local
aaa authentication login fallback group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common

tacacs-server host X.X.80.55
tacacs-server host Y.Y.126.50
tacacs-server directed-request
tacacs-server key 7 XXXXXXXXXXXX

I have this problem too.
0 votes
Correct Answer by Przemyslaw Konitz about 6 years 5 months ago
The AAA server-group feature introduces a way to group existing server hosts. The feature enables you to select a subset of the configured server hosts and use them for a particular service

you use global "tacacs+" server group so

aaa group server tacacs+ mytacgrp can be removed (its unused)

If you had for example "aaa authentication login default group mytacgrp local", you would use it. What is more this specific group has exacly the same servers as global one so it is unnecessary

regards

Przemek

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Przemyslaw Konitz Thu, 08/26/2010 - 00:55
The AAA server-group feature introduces a way to group existing server hosts. The feature enables you to select a subset of the configured server hosts and use them for a particular service

you use global "tacacs+" server group so

aaa group server tacacs+ mytacgrp can be removed (its unused)

If you had for example "aaa authentication login default group mytacgrp local", you would use it. What is more this specific group has exacly the same servers as global one so it is unnecessary

regards

Przemek

Actions

This Discussion