Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
193
Views
2
Helpful
4
Replies

Couple of AAA questions

Go to solution
ColForbin
Level 1
Level 1

‎03-04-2025 09:45 AM

Just trying to verify the difference in these two commands

aaa authentication login default group radius local

aaa authentication login default radius local 

Is the use of the group keyword necessary?

thanks 

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎03-04-2025 10:09 AM

@ColForbin on my switch version I have to hand, they do the same thing. If you configure the command "aaa authentication login default radius local" the actual switch configuration (via show run) is "aaa authentication login default group radius local"

If you specify the "group" command you can explictly configure a RADIUS group of servers (e.g. "aaa authentication login default group RAD-GRP loca"l), as opposed to all RADIUS servers.

View solution in original post

Go to solution
M02@rt37
VIP
VIP

‎03-04-2025 10:11 AM

Hello @ColForbin 

Yes, the group keyword is necessary if you want to specify a radius server group instead of just the raidus method. Without it, the command still works but doesn't explicitly reference a group—just the general radius method. Functionally, they behave similarly in most cases, but using group radius is the proper way to reference a defined RADIUS server group.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

4 Replies 4

Go to solution
ColForbin
Level 1
Level 1

‎03-04-2025 10:07 AM

AAAA group server radius is not used in my config. Just have a single radius server defined. My guess is 

aaa authentication login default group radius local

needs to be used if you have a group, but also works with a standalone server.  But

aaa authentication login default radius local

can only be used with a single server. 

Logical. But wouldn’t be the first time logic didn’t pan out in the Cisco world lol

0 Helpful

Go to solution
Rob Ingram
VIP
VIP

‎03-04-2025 10:09 AM

@ColForbin on my switch version I have to hand, they do the same thing. If you configure the command "aaa authentication login default radius local" the actual switch configuration (via show run) is "aaa authentication login default group radius local"

If you specify the "group" command you can explictly configure a RADIUS group of servers (e.g. "aaa authentication login default group RAD-GRP loca"l), as opposed to all RADIUS servers.

Go to solution
M02@rt37
VIP
VIP

‎03-04-2025 10:11 AM

Hello @ColForbin 

Yes, the group keyword is necessary if you want to specify a radius server group instead of just the raidus method. Without it, the command still works but doesn't explicitly reference a group—just the general radius method. Functionally, they behave similarly in most cases, but using group radius is the proper way to reference a defined RADIUS server group.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Go to solution
ColForbin
Level 1
Level 1

‎03-04-2025 10:11 AM

Ah yes confirmed. My sh run shows the group keyword as well. Thanks!

0 Helpful
Customers Also Viewed These Support Documents