Re: [nsp] Bulk config changes and experiences ?

From: Gert Doering (gert@greenie.muc.de)
Date: Fri Jun 22 2001 - 07:04:58 EDT


Hi,

On Thu, Jun 21, 2001 at 11:23:17PM -0400, Imre Fitos wrote:
> I think it is a valid request, I see more and more devices that can be
> configured using radius or an LDAP server and I REALLY hope Cisco will
> have something like this soon as tftp just doesn't cut it after a while.

What kind of configuration do you want to make?

"Changing" Dialup user data or login passwords etc. can be done just
fine with RADIUS/TACACS (while not with LDAP, but nothing prevents a
TACACS server from talking to an LDAP directory).

Things like "changing global filter lists" aren't really things you want
to put into LDAP (and have the router poll for it).

What we do for bulk updates is to do "rcp file.txt router:running-config"
- rcp access on the routers is filtered to a single machine for config
updates and a second one for config backups.

Yes, it's a security risk. But any form of bulk update capability is
a security risk if you get access to that machine, or know the "secret"
of access (local and remote username for rcp, login and password for
telnet/ssh, secret for radius, ...) and can fake the IP address.

gert

-- 
Gert Doering
Mobile communications ... right now writing from *a train to Hamburg*
... mobile phone: +49 177 2160221 ... or mail me:  gert@greenie.muc.de
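
Added example, not part of the original message: a small audit of a saved running-config that checks the rcp trust entries against the two-machine arrangement described above. It assumes the restriction is expressed with IOS "ip rcmd remote-host" lines; the addresses, user names and the rule that only the update machine may carry "enable" are constructed for illustration.

```python
import re

# Constructed running-config excerpt (documentation addresses, made-up user names).
SAMPLE_CONFIG = """\
hostname edge1
ip rcmd rcp-enable
ip rcmd remote-host cfgpush 192.0.2.10 netops enable
ip rcmd remote-host cfgread 192.0.2.11 backup
ip rcmd remote-host cfgpush 198.51.100.77 netops enable
ip rcmd remote-host cfgread 192.0.2.11 root enable 15
"""

UPDATE_HOST = "192.0.2.10"  # assumed: the single machine allowed to push configs
BACKUP_HOST = "192.0.2.11"  # assumed: the machine allowed to fetch backups

# ip rcmd remote-host <local-user> <host> <remote-user> [enable [level]]
RCMD_RE = re.compile(
    r"^ip rcmd remote-host (\S+) (\S+) (\S+)(?:\s+(enable)(?:\s+(\d+))?)?$"
)


def audit_rcmd(config, update_host=UPDATE_HOST, backup_host=BACKUP_HOST):
    """Return (line_number, issue, line) for rcmd entries that break the policy."""
    findings = []
    for lineno, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        m = RCMD_RE.match(line)
        if not m:
            continue  # not an rcmd trust entry
        _local, host, _remote, enable, _level = m.groups()
        if host not in (update_host, backup_host):
            # Trust extended to a machine outside the two expected ones.
            findings.append((lineno, "unexpected-host", line))
        elif enable and host != update_host:
            # Assumed policy: only the update machine may write to the router.
            findings.append((lineno, "enable-on-backup-host", line))
    return findings


if __name__ == "__main__":
    for lineno, issue, line in audit_rcmd(SAMPLE_CONFIG):
        print(f"line {lineno}: {issue}: {line}")
```

The check only covers which hosts the router trusts; as the message notes, that trust rests on the source address and the rcp user names.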


