Solved: AAA Config on Router

avilt · ‎08-25-2010

I found the following config on one the routers.The tacacs-server's are defined both in groups as well as individually. Which one can I remove?

aaa group server tacacs+ mytacgrp
server X.X.80.55
server Y.Y.126.50

aaa authentication login default group tacacs+ local
aaa authentication login fallback group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common

tacacs-server host X.X.80.55
tacacs-server host Y.Y.126.50
tacacs-server directed-request
tacacs-server key 7 XXXXXXXXXXXX

Przemyslaw Konitz · ‎08-26-2010

The AAA server-group feature introduces a way to group existing server hosts. The feature enables you to select a subset of the configured server hosts and use them for a particular service

you use global "tacacs+" server group so

aaa group server tacacs+ mytacgrp can be removed (its unused)

If you had for example "aaa authentication login default group mytacgrp local", you would use it. What is more this specific group has exacly the same servers as global one so it is unnecessary

regards

Przemek

View solution in original post

Przemyslaw Konitz · ‎08-26-2010

The AAA server-group feature introduces a way to group existing server hosts. The feature enables you to select a subset of the configured server hosts and use them for a particular service

you use global "tacacs+" server group so

aaa group server tacacs+ mytacgrp can be removed (its unused)

If you had for example "aaa authentication login default group mytacgrp local", you would use it. What is more this specific group has exacly the same servers as global one so it is unnecessary

regards

Przemek