08-25-2010 10:48 PM - edited 03-10-2019 05:21 PM
I found the following config on one the routers.The tacacs-server's are defined both in groups as well as individually. Which one can I remove?
aaa group server tacacs+ mytacgrp
server X.X.80.55
server Y.Y.126.50
aaa authentication login default group tacacs+ local
aaa authentication login fallback group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
tacacs-server host X.X.80.55
tacacs-server host Y.Y.126.50
tacacs-server directed-request
tacacs-server key 7 XXXXXXXXXXXX
Solved! Go to Solution.
08-26-2010 12:55 AM
The AAA server-group feature introduces a way to group existing server hosts. The feature enables you to select a subset of the configured server hosts and use them for a particular service
you use global "tacacs+" server group so
aaa group server tacacs+ mytacgrp can be removed (its unused)
If you had for example "aaa authentication login default group mytacgrp local", you would use it. What is more this specific group has exacly the same servers as global one so it is unnecessary
regards
Przemek
08-26-2010 12:55 AM
The AAA server-group feature introduces a way to group existing server hosts. The feature enables you to select a subset of the configured server hosts and use them for a particular service
you use global "tacacs+" server group so
aaa group server tacacs+ mytacgrp can be removed (its unused)
If you had for example "aaa authentication login default group mytacgrp local", you would use it. What is more this specific group has exacly the same servers as global one so it is unnecessary
regards
Przemek
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: