[c-nsp] Customer access to PE

[Blake Dunlap]

If this really is a provider/customer situation, and not an intra-company
BU issue, then no doesn't begin to cover this. By all means try to
accommodate what the customer needs, but they should never need/have config
access to your equipment. It opens huge potential for issues, not to
mention legal ones.

If this is an intra-company thing, then I think you're asking the wrong
questions to the wrong people.

-Blake


On Tue, Sep 17, 2013 at 3:39 PM, Nathanael Law <
Nathanael.Law at aimco.alberta.ca> wrote:

> This is just from a customer's perspective: CSC-MPLS seems to work nicely.
>  We can manage our own VPNs and our providers maintain control of their PE
> devices.  It's especially useful when dealing with multiple service
> providers.
>
> We've only used it on a small scale so far, but CSC is the direction we're
> looking at going for our next major WAN upgrade.
>
> Best regards,
>
> Nathanael Law
>
> > -----Original Message-----
> > From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> > Richard Clayton
> > Sent: Tuesday, September 17, 2013 14:06
> > To: Trey Howland
> > Cc: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] Customer access to PE
> >
> > I've worked in a couple of ISP's and MPLS VPN environments and have
> > friends
> > that currently work in other providers, we've never had experience of
> > customers having configuration CLI access to what I presume is a PE with
> > multiple customers configurations on, I believe Provider Edge should be
> > just for the provider.
> >
> >
> > On 17 September 2013 13:12, Trey Howland <trey.howland at gmail.com> wrote:
> >
> > > I have a scenario where a customer wants CLI access to the PE in the
> > > provider's network.  This access would allow the customer to
> > create/delete
> > > VRFs, configure interfaces/sub-interfaces, configure VRRP, etc.  All
> > CLI
> > > access would be controlled by TACACS to limit the customer to specific
> > > commands.
> > >
> > > So my question is:  does anyone have examples where this is done
> > today?
> > >  In a corporate environment between business units?  Looking for
> > examples
> > > where this has been successful or unsuccessful.
> > >
> > > v/r,
> > > Trey
> > > ______________________________**_________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > https://puck.nether.net/**mailman/listinfo/cisco-
> > nsp<https://puck.nether.net/mailman/listinfo/cisco-nsp>
> > > archive at http://puck.nether.net/**pipermail/cisco-
> > nsp/<http://puck.nether.net/pipermail/cisco-nsp/>
> > >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>