Cisco CCNA (640-553) Security Training

 

Using the “aaa group server radius” command

 

By Charles Ross CCNA - CCNP #CSCO10444244

 

In today’s article, I’m going to inform you about the Cisco IOS global configuration mode command named “aaa group server radius”.

 

CCNAs (like you) use the “aaa group server radius” command to group different RADIUS server hosts into distinct lists and distinct methods.

 

Put another way, network administrators (like you) use the command to select a subset of the configured RADIUS server hosts and use them for a particular service. A “group server” is a list of RADIUS server hosts. The router uses a “group server” together with the “global server list”: the “group server” lists the IP addresses of the selected server hosts.

 

Below is the command’s syntax:

  

aaa group server radius group-name

 

As you can see, the command is really easy to use; the group-name argument names the group of configured RADIUS servers. By the way, the following words can’t be used as a group-name argument:

  1. auth-guest

  2. enable

  3. if-authenticated

  4. if-needed

  5. guest

  6. krb5

  7. krb-instance

  8. krb-telnet

  9. tacacsplus

  10. tacacs

  11. rcmd

  12. radius

  13. none

  14. local

  15. line


Below is an example of the command being used:

 

Router>enable

Router#configure terminal

Router(config)#aaa new-model

Router(config)#aaa group server radius radiusittechtips

Router(config-sg-radius)#server 10.1.1.1 auth-port 1800 acct-port 1801

Router(config-sg-radius)#server 10.2.2.2 auth-port 1802 acct-port 1803

Router(config-sg-radius)#server 10.3.3.3 auth-port 1805 acct-port 1806

Router(config-sg-radius)#end

Router#copy run start

 

In the example above, the AAA group server named radiusittechtips has three member servers.

 

Note: If auth-port and acct-port are not specified, the default value of auth-port is 1645 and the default value of acct-port is 1646. 
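The following Python script is an added example, not part of the original article and not Cisco code. It parses “aaa group server radius” blocks from configuration text, fills in the default ports from the note above, and flags group names taken from the reserved-word list. The function names and the sample configuration are constructed for illustration.

```python
import re

# Reserved words the article lists as invalid group-name arguments.
RESERVED = {"auth-guest", "enable", "if-authenticated", "if-needed", "guest",
            "krb5", "krb-instance", "krb-telnet", "tacacsplus", "tacacs",
            "rcmd", "radius", "none", "local", "line"}
DEFAULT_AUTH, DEFAULT_ACCT = 1645, 1646  # defaults stated in the article's note

GROUP_RE = re.compile(r"^aaa group server radius (\S+)\s*$")
SERVER_RE = re.compile(r"^\s+server (\d+\.\d+\.\d+\.\d+)"
                       r"(?: auth-port (\d+))?(?: acct-port (\d+))?\s*$")

def parse_radius_groups(config_text):
    """Return {group_name: [(ip, auth_port, acct_port), ...]} (hypothetical helper)."""
    groups, current = {}, None
    for line in config_text.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = groups.setdefault(m.group(1), [])
            continue
        m = SERVER_RE.match(line) if current is not None else None
        if m:
            # Omitted ports fall back to the IOS defaults.
            current.append((m.group(1), int(m.group(2) or DEFAULT_AUTH),
                            int(m.group(3) or DEFAULT_ACCT)))
        elif not line.startswith(" "):
            current = None  # any non-indented line ends the server-group block
    return groups

def audit(groups):
    """Return findings for reserved group names and groups with no servers."""
    findings = []
    for name, servers in groups.items():
        if name in RESERVED:
            findings.append(f"{name}: reserved word used as group-name")
        if not servers:
            findings.append(f"{name}: group has no member servers")
    return findings

# Constructed sample of a staged configuration file (not from a real device).
SAMPLE = """\
aaa new-model
aaa group server radius radiusittechtips
 server 10.1.1.1 auth-port 1800 acct-port 1801
 server 10.2.2.2
!
aaa group server radius local
!
"""

if __name__ == "__main__":
    print(audit(parse_radius_groups(SAMPLE)))
```

Running a check like this against a configuration template before it is pushed catches a reserved group name before the router rejects it.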

 

And, as with almost all Cisco IOS commands, you can put the word “no” in front of the command to remove (disable) the configured command, as you see below:

  

Router(config)#no aaa group server radius radiusittechtips

 

By the way, if you decide to use the command, make sure your router(s) are running Cisco IOS 12.0(5)T or higher.

 

I hope this article was very informative and helped you quickly understand the usage of the aaa group server radius command. If you need to learn more, I suggest you visit my website (www.ccnaittechtips.com), where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

 

To your success,

 

Charles Ross

CCNA- CCNP #CSCO10444244

http://www.ccnaittechtips.com