Tuesday, June 5, 2012

Groups of AAA servers


  • By default, Cisco IOS automatically places the RADIUS and TACACS+ servers configured with the radius-server host and tacacs-server host commands into groups.
  • The aaa authentication command includes the keyword group radius or group tacacs+ to refer to these default groups.
  • By default, all defined RADIUS servers end up in the radius group, and all defined TACACS+ servers end up in the tacacs+ group.
  • When there are many servers, create separate sets of RADIUS or TACACS+ servers.
  • Servers can be grouped by name; the aaa authentication commands then refer to the group by that name (fred in these commands):
    • aaa authentication enable default group fred local
    • aaa authentication login default group fred none
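
How a named group such as fred is defined before the login method list can refer to it, as an added example that is not from the original post. The server addresses (192.0.2.x documentation range) and the key are constructed placeholders.

```cisco
! Added example; addresses and key are constructed placeholders.
aaa new-model
!
! Servers defined globally land in the default "radius" group.
radius-server host 192.0.2.10 key EXAMPLE-KEY
radius-server host 192.0.2.11 key EXAMPLE-KEY
radius-server host 192.0.2.20 key EXAMPLE-KEY
!
! Named group "fred": only the two servers listed here.
aaa group server radius fred
 server 192.0.2.10
 server 192.0.2.11
!
! Login method list from the page: try the servers in fred first.
! The next method is used only when no server in fred responds,
! not when a server rejects the user. With "none" as that next
! method, logins are then accepted without authentication.
aaa authentication login default group fred none
!
! For comparison, the same list against the default group of
! all three RADIUS servers:
! aaa authentication login default group radius none
```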