[c-nsp] TACACS+ best practices

Rubens Kuhl Jr. rubensk at gmail.com
Mon Apr 24 16:23:23 EDT 2006


> 3. I want to configure redundant tacplus server, synchronized with
> simple script.

On the availability subject, you should also be careful to test what
happens when:
( ) the primary auth server doesn't respond
( ) no auth servers respond (network is down)
( ) someone tries to log in with local passwords (enable secret,
enable password, vty password) when auth servers are responding
( ) someone logs in to console or AUX ports in the above situations

YMMV, but mine shows me that different minor IOS versions behave
differently, and that every version you have in the network should be
tested on failure scenarios in order to verify what happens on each of
them.



Rubens
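
An IOS AAA configuration of the kind these failure tests exercise, added here as an illustration and not taken from the original post. The server addresses (documentation range), shared key, local user name and the CONSOLE list name are placeholders and assumptions.

```cisco
! Constructed example; addresses, key and user name are placeholders.
aaa new-model
!
! Two servers, tried in order. A short timeout bounds how long a login
! hangs when the primary does not respond (scenario 1).
tacacs-server host 192.0.2.10 timeout 3
tacacs-server host 192.0.2.11 timeout 3
tacacs-server key <SHARED-KEY-PLACEHOLDER>
!
! Local account intended only for the case where no server answers
! (scenario 2).
username breakglass secret <LOCAL-SECRET-PLACEHOLDER>
!
! Method lists: the next method is meant to be consulted only when the
! previous one returns an error (no reply), not when a server rejects
! the login. Scenario 3 checks that local and enable passwords are
! refused while a server is answering.
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
!
! Console and AUX get an explicit list so their behaviour is a
! decision, not a default (scenario 4).
aaa authentication login CONSOLE group tacacs+ local
!
line con 0
 login authentication CONSOLE
line aux 0
 login authentication CONSOLE
line vty 0 4
 login authentication default
```

Run each of the four cases against a configuration like this on every IOS version in the network and record which credential each line accepted.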


