[c-nsp] switchport trunk allowed vlan

Tim Durack tdurack at gmail.com
Mon Nov 1 10:18:12 EDT 2010


On Mon, Nov 1, 2010 at 10:08 AM, Keegan Holley
<keegan.holley at sungard.com> wrote:

> I'm not sure I understand the drawback of TACACS.  It's obvious that
> redundancy is needed there.  If you're already using TACACS it seems easier
> to place it there.  I'm not sure I like the idea of a network using local
> auth everywhere but to each his own.  If you use EEM what's to stop other
> "senior" engineers from just removing the script temporarily?

We use RADIUS, which doesn't support administratively disabling
commands (unfortunately.)

I'm also trying to protect from accidental stupidity, rather than
stupidity with intent. (If someone starts disabling safeguards, their
level of accountability increases accordingly.)

Appreciate the suggestion though - just doesn't quite work for us.

-- 
Tim:>


