[c-nsp] TACACS+ question

Kim Onnel karim.adel at gmail.com
Sun Feb 27 08:34:15 EST 2005


Hi,

I am sure that limiting each account for the NOC engineers to what
they are authorized to do explicitly is advisable, so that even if an
account is hijacked, minimum damage is guaranteed.

And so it is, the NOC can only exec show commands now, but sometimes
they need to clear some interfaces and view running configurations
too, so I am confused about how to do this.
There is also a need to allow specific commands on one router but not the other.

Our sysadmin is gone, and we're waiting to hire a new one, so I'll be
doing his task. I'm doing network tasks mostly, but since I had
previous experience, I'll try.

We have SecureACS now, and it's really annoying. I got *nix tac_plus and
locally tested it. I want to migrate to tac_plus and, on the other hand,
keep the old ACS server as backup in case the primary fails.

Send me your 0.2$ about it please.

