[c-nsp] "reload" command doesn't check command line parameters

Sigurbjörn Birkir Lárusson sigurbjornl at vodafone.is
Tue Oct 8 07:22:40 EDT 2013

I think the best solution here is tacacs+ with command authorization where
reload in X is allowed, but all other forms are not, forcing you to
authenticate as a higher privilege user to be able to do that, that way
tacacs+ will simply prevent you from making a mistake.

This is also highly preferable for many other things (switchport trunk
allowed vlan X instead of switchport trunk allowed vlan add X springs to

Kind regards,

On 8.10.2013 10:55, "Saku Ytti" <saku at ytti.fi> wrote:

>On (2013-10-08 10:57 +0200), Sander Steffann wrote:
>> > The two outputs do have different warnings:
>> > 
>> > reload reason:
>> > ===========================
>> > Router#reload
>> > Proceed with reload? [confirm]
>> > ===========================
>> If this warning would be changed to:
>> ===========================
>> Router#reload int 5
>> Proceed with IMMEDIATE reload? [confirm]
>> ===========================
>> Then it would be much clearer.
>Implication here is, you made typo in the original command and you are
>of it. I guess if you are aware of the typo, you didn't make it.
>If you are not aware of the typo you made, you'll just punch the 'y' from
>muscle memory without looking at the display.
>I don't think it would actually help. What does help, is taking humans
>our of
>the equation as much as possible. Break network less often but more
>through automation.
>  ++ytti
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list