Cisco Cisco IOS Software Release 12.2(4)B

Use the server-private command to associate a particular private server with a defined server group. To 
prevent possible overlapping of private addresses between VRFs, AAA servers must be defined in a 
single global pool that is to be used in the server groups; that is, the servers can no longer be uniquely 
identified by IP addresses and port numbers.

Private servers (servers with private addresses within the default server group that contains all the 
servers) avoid failover; that is, private servers are not exposed in the global list. Thus, private servers can 
be defined within the server group and remain hidden from other groups. The list of servers in server 
groups includes references to the hosts in the global configuration as well as the definitions of private 
servers.

Private servers are not known from any other server group other than the one it is defined within.

All server operational parameters can be configured per host, per server group, or globally. Per-host 
configuration have precedence over any per-server groups configurations, which have precedence 
over any global configuration. 

The following example shows how to define the sg_water RADIUS group server and associate private 
servers with it:

aaa group server radius sg_water

server-private 1.1.1.1 timeout 5 retransmit 3 key coke

server-private 2.2.2.2 timeout 5 retransmit 3 key coke

12.2(1)DX

This command was introduced.

12.2(2)DD

This command was integrated into Cisco IOS Release 12.2(2)DD.

12.2(4)B

This command was integrated into Cisco IOS Release 12.2(4)B.

Groups different server hosts into distinct lists and distinct methods.

Enables the AAA access control model.

Specifies a RADIUS server host.