Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Confused on why I have to specify my radius server twice in Cisco config?

  • 1.  Confused on why I have to specify my radius server twice in Cisco config?

    Posted Aug 24, 2017 11:22 AM

    I'm looking at the configs I've built for the Cisco switches we use with CPPM, and I'm confused as to why I have to specify my RADIUS server twice.

    We start out with:

    (config)#radius server Aruba-CPPM
    (config-radius-server)#address ipv4 10.1.2.3
    (config-radius-server)#key secretkey

    Then later on I specify it again as a dynamic-author:

    (config)#aaa server radius dynamic-author
    (config-locsvr-da-radius)#client 10.1.2.3 server-key secretkey
    (config-locsvr-da-radius)#client 10.1.2.4 server-key secretkey

    Are these doing two different things, or am I putting in redundant code?



  • 2.  RE: Confused on why I have to specify my radius server twice in Cisco config?

    EMPLOYEE
    Posted Aug 24, 2017 11:35 AM

    One is defining ClearPass as a RADIUS server (for client authentication).

    The second is defining ClearPass as a RADIUS client (for RFC5176).



  • 3.  RE: Confused on why I have to specify my radius server twice in Cisco config?

    Posted Aug 24, 2017 11:45 AM

    So basically if 10.1.2.3 goes down, I'm kinda screwed since nobody would be able to auth, right?

    Changing that to a group and using a server group would be a better practice?



  • 4.  RE: Confused on why I have to specify my radius server twice in Cisco config?

    EMPLOYEE
    Posted Aug 24, 2017 11:47 AM

    Yes. Defining all RADIUS servers is a good idea.



  • 5.  RE: Confused on why I have to specify my radius server twice in Cisco config?

    Posted Aug 24, 2017 12:31 PM

    And I guess it's a good idea to have all my RADIUS servers listed under the dynamic-authors too, right?