Filter
Top Products
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software
aaa group server radius
SR-13
Cisco IOS XR System Security Command Reference
aaa group server radius
To group different RADIUS server hosts into distinct lists, use the aaa group server radius command
in global configuration mode. To remove a group server from the configuration list, enter the no form of
this command.
aaa group server radius group-name
no aaa group server radius group-name
Syntax Description
Defaults This command is not enabled.
Command Modes Global configuration
Command History
Usage Guidelines To use this command, you must be in a user group associated with a task group that includes the proper
task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on
Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.
Use the aaa group server radius command to group existing server hosts, which allows you to select a
subset of the configured server hosts and use them for a particular service. A server group is used in
conjunction with a global server-host list. The server group lists the IP addresses or hostnames of the
selected server hosts.
Server groups can also include multiple host entries for the same server, as long as each entry has a
unique identifier. The combination of an IP address and User Datagram Protocol (UDP) port number
creates a unique identifier, allowing different ports to individually defined as RADIUS hosts providing
a specific authentication, authorization, and accounting (AAA) service. In other words, this unique
identifier enables RADIUS requests to be sent to different UDP ports on a server at the same IP address.
If two different host entries on the same RADIUS server are configured for the same service, for
example, accounting, the second host entry acts as a failover backup to the first host entry. Using this
example, if the first host entry fails to provide accounting services, the network access server will try the
second host entry on the same device for accounting services. The RADIUS host entries are tried in the
order in which they are configured in the server group.
All members of a server group must be the same type, that is, RADIUS.
The server group cannot be named radius or tacacs.
This command enters server group configuration mode. You can use the server command to associate a
particular RADIUS server with the defined server group.
group-name Character string used to name the group of servers.
Release Modification
Release 3.2 This command was introduced on the Cisco CRS-1 and
Cisco XR 12000 Series Router.
Release 3.3.0 No modification.