selectively choose radius server/group by TCL

Version 1
    This document was generated from CDN thread

    Created by: vinh nguyen on 05-02-2012 10:10:31 PM
    I wanted to know if it is possible to use TCL to selectively choose a radius server. If anyone know, please provide an example.
     
    Thanks

    Subject: RE: selectively choose radius server/group by TCL
    Replied by: Raghavendra Gutty Veeranagappa on 06-02-2012 05:48:44 AM
    Hi vinh,

    you can use below command to authenticate by passing server identifier in TCL script. For more information refer programming guide in documentation section.

    aaa authenticate account password [-a avlistSend][-s servertag][-l legID]

    -s servertag¿The server (or server group)¿s identifier. This value refers to the method-list-name as in AAA configuration:
    aaa authentication login {default | method-list-name} group group-name

    Thanks,
    Raghavendra

    Subject: RE: selectively choose radius server/group by TCL
    Replied by: vinh nguyen on 06-02-2012 03:48:29 PM
    can provide a little more detail example + configuration? I tried and it didn't work for me.

    Thanks.

    Subject: RE: selectively choose radius server/group by TCL
    Replied by: Raghavendra Gutty Veeranagappa on 07-02-2012 07:12:12 AM
    Hi Vinh,

    i miss understood your query, there is no such tcl-ivr command to get list of available radius servers to selectively choose.

    sorry for the confusion.

    Thanks,
    Raghavendra

    Subject: RE: selectively choose radius server/group by TCL
    Replied by: vinh nguyen on 07-02-2012 01:41:10 PM
    then what does the "-s servertag" do? I was thinking that you could setup group of radius server and have the TCL to choose which group to choose.

    Subject: RE: selectively choose radius server/group by TCL
    Replied by: Raghavendra Gutty Veeranagappa on 08-02-2012 04:27:39 AM
    Hi Vinh,

    i think cisco IOS Software will choose a radius server from a group of servers not the TCL script.

    The Cisco IOS software uses the first method listed to authenticate users. If that method fails to respond (indicated by an ERROR), the Cisco IOS software selects the next authentication method listed in the method list. This process continues until there is successful communication with a listed authentication method, or all methods defined in the method list are exhausted.

    you can refer below link for more information.
    http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfathen.html#wp1000924

    Thanks,
    Raghavendra