
aaa group server: server or private-server

erikisme1
Level 1

Hi,

I'm a bit confused about when to use the SERVER A.B.C.D command or the SERVER-PRIVATE A.B.C.D command in the following:

aaa group server tacacs+ acs-servers

server-private 10.1.2.2 single-connection key 7 12345

server-private 10.1.2.3 single-connection key 7 12345

What exactly is the difference between 'server-private' and 'server'? If it were to make a difference in RFC1918 and non-RFC1918 addresses, then what's the extra functionality?

Erik

3 Replies

Eduardo Aliaga
Level 4

Hello. Here the word "private" doesn't relate to RFC1918.

If you use the "server" command within the "aaa group server", this server could be used in other groups, sometimes unintentionally.

On the other hand, the "server-private" command within the "aaa group server" assures you this server will only be used by this group.

please rate if this helps

Jatin Katyal
Cisco Employee

Use the server-private command to associate a particular private server with a defined server group.  Private servers (servers with private addresses) can be defined within the server group and remain hidden from other groups, while the servers in the global pool (for example, default radius server group) can still be referred to by IP addresses and port numbers. Thus, the list of servers in server groups includes references to the hosts in the global configuration and the definitions of private servers.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
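
An added example, not part of any reply in this thread and not Cisco code: a small Python audit that reads IOS-style configuration text and separates servers referenced from the global pool (`server`) from servers defined privately inside one group (`server-private`). The sample configuration is constructed; it assumes the legacy global `tacacs-server host` / `radius-server host` form, and the `lab-servers` group and the 10.9.9.9 address are made up.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the thread); lab-servers and 10.9.9.9 are made up.
SAMPLE = """\
tacacs-server host 10.1.2.2 key 7 12345
aaa group server tacacs+ acs-servers
 server 10.1.2.2
 server-private 10.1.2.3 single-connection key 7 12345
aaa group server tacacs+ lab-servers
 server 10.1.2.2
 server 10.9.9.9
"""

GLOBAL_RE = re.compile(r"^(tacacs|radius)-server host (\S+)")
GROUP_RE = re.compile(r"^aaa group server (tacacs|radius)\+? (\S+)")
MEMBER_RE = re.compile(r"^\s+(server-private|server) (\S+)")

def audit(config):
    """Classify AAA servers as global or group-private and list findings."""
    global_hosts = set()            # (protocol, ip) pairs from the global pool
    groups = {}                     # name -> {"proto", "server", "server-private"}
    current = None
    for line in config.splitlines():
        if m := GLOBAL_RE.match(line):
            global_hosts.add((m.group(1), m.group(2)))
            current = None
        elif m := GROUP_RE.match(line):
            current = m.group(2)
            groups[current] = {"proto": m.group(1), "server": [], "server-private": []}
        elif current and (m := MEMBER_RE.match(line)):
            groups[current][m.group(1)].append(m.group(2))
        elif not line.startswith(" "):
            current = None          # left the group sub-mode
    findings, users = [], defaultdict(list)
    for name, grp in groups.items():
        for ip in grp["server"]:
            users[(grp["proto"], ip)].append(name)
            if (grp["proto"], ip) not in global_hosts:
                findings.append(f"{name}: 'server {ip}' has no global {grp['proto']}-server host definition")
    for (proto, ip), names in users.items():
        if len(names) > 1:
            findings.append(f"{ip}: global server referenced by groups {', '.join(names)}")
    return global_hosts, groups, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE)[2]:
        print(finding)
```
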

Ok thanks! This helps!

- What practical benefit would it give to hide servers from other groups? What kind of scenario could that be?

- Say I would want to use the servers I mentioned for Tacacs AND Radius, does that mean I should not be using 'server-private'?

Erik