07-04-2013 05:03 AM - edited 03-10-2019 08:37 PM
Hi,
I'm a bit confused on when to use the SERVER A.B.C.D command or the SERVER-PRIVATE A.B.C.D command in the following:
aaa group server tacacs+ acs-servers
 server-private 10.1.2.2 single-connection key 7 12345
 server-private 10.1.2.3 single-connection key 7 12345
What exactly is the difference between 'server-private' and 'server'? If it were to make a difference in RFC1918 and non-RFC1918 addresses, then what's the extra functionality?
Erik
07-04-2013 02:17 PM
Hello. Here the word "private" doesn't relate to RFC1918.
If you use the "server" command within the "aaa group server", this server could be used in other groups, sometimes unintentionally.
On the other hand, the "server-private" command within the "aaa group server" assures you this server will only be used by this group.
Please rate if this helps.
07-04-2013 05:52 PM
Use the server-private command to associate a particular private server with a defined server group. Private servers (servers with private addresses) can be defined within the server group and remain hidden from other groups, while the servers in the global pool (for example, default radius server group) can still be referred to by IP addresses and port numbers. Thus, the list of servers in server groups includes references to the hosts in the global configuration and the definitions of private servers.
~BR
Jatin Katyal
**Do rate helpful posts**
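An added example, not part of any post in this thread: a small Python audit that reads an IOS configuration and reports, for each `aaa group server` block, which members are references to the global pool (`server`) and which are group-local definitions (`server-private`), then lists global servers referenced by more than one group. The `tacacs-server host` line, the group names `mgmt-admins` and `vty-users`, and the address 10.1.2.4 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample config; only 10.1.2.2, 10.1.2.3 and acs-servers come from the thread.
SAMPLE_CONFIG = """\
tacacs-server host 10.1.2.2 key 7 12345
!
aaa group server tacacs+ acs-servers
 server-private 10.1.2.3 single-connection key 7 12345
!
aaa group server tacacs+ mgmt-admins
 server 10.1.2.2
!
aaa group server tacacs+ vty-users
 server 10.1.2.2
 server-private 10.1.2.4 key 7 12345
"""

GROUP_RE = re.compile(r"^aaa group server (\S+) (\S+)")
# Matches "server A.B.C.D", "server name NAME" and "server-private A.B.C.D ..."
MEMBER_RE = re.compile(r"^\s+(server-private|server)\s+(?:name\s+)?(\S+)")

def parse_groups(config):
    """Return {group: {"global": [...], "private": [...]}} from config text."""
    groups, current = {}, None
    for line in config.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = groups.setdefault(m.group(2), {"global": [], "private": []})
            continue
        m = MEMBER_RE.match(line)
        if m and current is not None:
            kind = "private" if m.group(1) == "server-private" else "global"
            current[kind].append(m.group(2))
        elif not line.startswith(" "):
            current = None  # an unindented line ends the group sub-mode
    return groups

def shared_global_servers(groups):
    """Global-pool servers referenced by more than one group."""
    users = defaultdict(list)
    for name, members in groups.items():
        for addr in members["global"]:
            users[addr].append(name)
    return {addr: names for addr, names in users.items() if len(names) > 1}

if __name__ == "__main__":
    parsed = parse_groups(SAMPLE_CONFIG)
    print(parsed)
    print("shared:", shared_global_servers(parsed))
```

Servers defined with `server-private` never appear in the shared report, because they exist only inside the group that defines them.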
07-05-2013 01:38 AM
Ok thanks! This helps!
- What practical benefit would it give to hide servers from other groups? What kind of scenario could that be?
- Say I would want to use the servers I mentioned for TACACS AND RADIUS, does that mean I should not be using 'server-private'?
Erik