Cisco CCNA (640-553) Security Training

 

Using the “aaa group server tacacs+” command

 

By Charles Ross CCNA - CCNP #CSCO10444244

 

In today’s article, I’m going to explain the Cisco IOS global configuration mode command “aaa group server tacacs+”.

 

CCNAs (like you) use the “aaa group server tacacs+” command to group different TACACS+ server hosts into distinct lists and distinct methods.

 

Put another way, network administrators (like you) use the command to select a subset of the configured TACACS+ server hosts and use them for a particular service. A “group server” is a list of TACACS+ server hosts. The router uses a “group server” and a “global server list”; a “global server list” is a “group server” of IP addresses, which are the IP addresses of the selected server hosts.

 

Below is the command’s syntax:

  

aaa group server tacacs+ group-name

 

As you can see, the command is really easy to use; the group-name argument names the group of configured TACACS+ servers. By the way, the following words can’t be used as the group-name argument:

  1. auth-guest

  2. enable

  3. if-authenticated

  4. if-needed

  5. guest

  6. krb5

  7. krb-instance

  8. krb-telnet

  9. tacacsplus

  10. tacacs

  11. rcmd

  12. radius

  13. none

  14. local

  15. line


Below is an example of the command being used:

 

Router>enable
Router#configure terminal
Router(config)#aaa new-model
Router(config)#aaa group server tacacs+ tacacsittechtips
Router(config-sg-tacacs+)#server 10.1.1.1
Router(config-sg-tacacs+)#server 10.2.2.2
Router(config-sg-tacacs+)#server 10.3.3.3
Router(config-sg-tacacs+)#end
Router#copy run start

 

In the example above, the AAA group server named tacacsittechtips has three member servers.
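
As an added example (not part of the original article and not Cisco tooling), the Python script below checks a candidate configuration before it is pasted into a router: it flags group names taken from the reserved-word list above, groups with no member servers, and members that are not valid IP addresses. The sample configuration is constructed, and the last two checks are this example's own additions.

```python
import ipaddress
import re

# Words the article lists as unusable for the group-name argument.
RESERVED = {"auth-guest", "enable", "if-authenticated", "if-needed", "guest",
            "krb5", "krb-instance", "krb-telnet", "tacacsplus", "tacacs",
            "rcmd", "radius", "none", "local", "line"}
GROUP_RE = re.compile(r"^aaa group server tacacs\+ (\S+)\s*$")
SERVER_RE = re.compile(r"^\s+server (\S+)\s*$")

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
aaa group server tacacs+ tacacsittechtips
 server 10.1.1.1
 server 10.2.2.2
aaa group server tacacs+ radius
 server 10.4.4.4
aaa group server tacacs+ mgmt
 server 10.5.5.555
aaa group server tacacs+ spare
"""

def parse_groups(config_text):
    """Return {group_name: [server, ...]} for each TACACS+ server group."""
    groups, current = {}, None
    for line in config_text.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = groups.setdefault(m.group(1), [])
        elif (s := SERVER_RE.match(line)) and current is not None:
            current.append(s.group(1))
        elif not line.startswith(" "):
            current = None  # any other top-level line closes the group
    return groups

def audit(config_text):
    """Return sorted (group_name, problem) findings for a candidate config."""
    findings = []
    for name, servers in parse_groups(config_text).items():
        if name in RESERVED:
            findings.append((name, "reserved word used as group-name"))
        if not servers:
            findings.append((name, "group has no member servers"))
        for s in servers:
            try:
                ipaddress.ip_address(s)
            except ValueError:
                findings.append((name, f"invalid server address {s}"))
    return sorted(findings)
```

Calling audit(SAMPLE) reports the groups named radius, mgmt and spare, and leaves tacacsittechtips clean.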

 

And, as with most Cisco IOS commands, you can put the word “no” in front of the command to remove (disable) the configured command, as you see below:

  

Router(config)#no aaa group server tacacs+ tacacsittechtips

   

By the way, if you decide to use the command, make sure your routers are running Cisco IOS 12.0(5)T or higher.

 

I hope this article was informative and helped you quickly understand the usage of the aaa group server tacacs+ command. If you need to learn more, I suggest you visit my website (www.ccnaittechtips.com), where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

 

To your success,

 

Charles Ross

CCNA- CCNP #CSCO10444244

http://www.ccnaittechtips.com