AAA Config on Router

Answered Question
Aug 25th, 2010
User Badges:

I found the following config on one the routers.The tacacs-server's are defined both in groups as well as individually. Which one can I remove?


aaa group server tacacs+ mytacgrp
server X.X.80.55
server Y.Y.126.50


aaa authentication login default group tacacs+ local
aaa authentication login fallback group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common


tacacs-server host X.X.80.55
tacacs-server host Y.Y.126.50
tacacs-server directed-request
tacacs-server key 7 XXXXXXXXXXXX

Correct Answer by Przemyslaw Konitz about 6 years 10 months ago
The AAA server-group feature introduces a way to group existing server hosts. The feature enables you to select a subset of the configured server hosts and use them for a particular service


you use global "tacacs+" server group so


aaa group server tacacs+ mytacgrp can be removed (its unused)


If you had for example "aaa authentication login default group mytacgrp local", you would use it. What is more this specific group has exacly the same servers as global one so it is unnecessary


regards

Przemek

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Przemyslaw Konitz Thu, 08/26/2010 - 00:55
User Badges:
The AAA server-group feature introduces a way to group existing server hosts. The feature enables you to select a subset of the configured server hosts and use them for a particular service


you use global "tacacs+" server group so


aaa group server tacacs+ mytacgrp can be removed (its unused)


If you had for example "aaa authentication login default group mytacgrp local", you would use it. What is more this specific group has exacly the same servers as global one so it is unnecessary


regards

Przemek

Actions

This Discussion