Cisco Ccna (640-553) Security Training: Using The Aaa Group Server Tacacs+ Command

In today’s article, I’m going to inform you about the Cisco IOS global configuration mode command named “aaa group server tacacs+”.


CCNA’s (like you) use the “aaa group server tacacs+” command to group different TACACS+ server hosts into distinct lists and distinct methods.

Another way of saying it is, network administrators (like you) use the command to select a subset of configured TACACS+ server hosts and use them for a particular service. A “group server” is a list of TACACS+ server hosts. The router uses a “group server” and a “global server list”; a “global server list” is a “group server” of IP addresses, which are the IP addresses of the selected server hosts.

Below is the command’s syntax:

aaa group server tacacs+ group-name

As you can see, the command is really easy to use; and the group-name argument, is used to name the group of configured TACACS+ servers. By the way, the following words can’t be used as a group-name argument:

1. auth-guest
2. enable
3. if-authenticated
4. if-needed
5. guest
6. krb5
7. krb-instance
8. krb-telnet
9. tacacsplus
10. tacacs
11. rcmd
12. radius
13. none
14. local
15. line

Below is an example of the command being used:

Router>enable
Router#configure terminal
Router(config)#aaa new-model
Router(config)#aaa group server tacacs+ tacacsittechtips
Router(config-sg-radius)#server 10.1.1.1
Router(config-sg-radius)#server 10.2.2.2
Router(config-sg-radius)#server 10.3.3.3
Router(config-sg-radius)#end
Router#copy run start

In the example above, the AAA group server named tacacsittechtips has three member servers.

And, just like mostly all Cisco IOS commands; you can use the word “no” in front of the command to remove (disable) the configured command; like you see below:

Router(config)#no aaa group server tacacs+ tacacsittechtips

By the way, if you decide to use the command, make sure your router(s) is running Cisco IOS 12.0(5)T or higher.

I hope this article was very informative and helped you quickly understand the usage of the aaa group server tacacs+ command. If you need to learn more; I suggest you visit my website, were you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

To your success,

By: Charles E Ross

Article Directory: http://www.articledashboard.com

Charles Ross, CCNP #CSCO10444244 is the owner of Ittechtips.com; where you'll find free comprehensive information and videos on how to pass the CCNA (640-553) security exam. Sign-Up for "100 Free Videos" and, also learn more about the new "Cisco CCNA (640-553) Video Accelerated Training Course" at his website. www.ccnaittechtips.com