[c-nsp] TACACS/ACS on the internet

Nick Cutting ncutting at edgetg.co.uk
Mon Aug 24 05:30:24 EDT 2015


We are going to roll out TACACS soon, on an ACS appliance and I have hundreds (thousands?) of client devices that need to authenticate back to these appliances.

We will most likely put this directly on a public address, to avoid address conflicts etc. on our "shared services" zone. 

Rather than maintain some monster ACL for all the client Public addresses that would need to be updated almost daily - how dangerous is it to just allow UDP port 49 to this device from any source?
We are going to have to add each device to the ACS server anyway.

Any suggestions welcome

Nick Cutting | Network Engineer | ncutting at edgetg.co.uk
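As an added illustration (not part of the original message or the ACS product), the following script shows one way to sidestep the "monster ACL" problem: the ACS appliance already needs an inventory of every client device, so the same inventory can drive a generated, aggregated ACL that admits only those sources instead of exposing port 49 to any address. TACACS+ daemons listen on TCP port 49, so the generated entries use `tcp` and the IOS `eq tacacs` keyword. The client addresses, the ACL name and the ACS address below are constructed placeholders (documentation ranges), and the IOS syntax is assumed to be extended named ACL syntax.

```python
import ipaddress
from typing import Iterable, List

# Constructed sample inventory of client device management addresses
# (RFC 5737 documentation ranges, not real hosts).
SAMPLE_CLIENTS = [
    "198.51.100.10", "198.51.100.11", "198.51.100.12", "198.51.100.13",
    "203.0.113.5", "203.0.113.6",
    "192.0.2.77",
]

# Placeholder for the ACS appliance's public address (constructed).
ACS_HOST = "192.0.2.200"


def collapse_clients(addresses: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Validate every inventory entry and collapse adjacent or overlapping
    addresses into the smallest set of CIDR blocks, so the ACL stays short
    as the inventory grows. A malformed entry raises ValueError rather than
    silently producing a permit line."""
    nets = [ipaddress.ip_network(a.strip(), strict=False) for a in addresses]
    return list(ipaddress.collapse_addresses(nets))


def ios_source(net: ipaddress.IPv4Network) -> str:
    """Render a network as an IOS source clause: 'host A.B.C.D' for /32,
    otherwise 'A.B.C.D wildcard' (IOS wildcard masks are inverted netmasks)."""
    if net.prefixlen == net.max_prefixlen:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"


def build_acl(acl_name: str, clients: Iterable[str], acs_host: str) -> List[str]:
    """Emit an IOS extended ACL that permits TACACS+ (TCP/49) only from the
    collapsed client inventory, logs any other attempt against the ACS
    listener, and drops everything else."""
    lines = [f"ip access-list extended {acl_name}"]
    for net in collapse_clients(clients):
        lines.append(f" permit tcp {ios_source(net)} host {acs_host} eq tacacs")
    # Logging the denied hits gives a simple detection signal for unexpected
    # sources probing the TACACS+ listener.
    lines.append(f" deny tcp any host {acs_host} eq tacacs log")
    lines.append(" deny ip any any")
    return lines


def acl_changes(old_clients: Iterable[str], new_clients: Iterable[str]):
    """Return (added, removed) permit sources between two inventory snapshots,
    so a daily update only touches the lines that actually changed."""
    old = set(collapse_clients(old_clients))
    new = set(collapse_clients(new_clients))
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    for line in build_acl("TACACS-CLIENTS-IN", SAMPLE_CLIENTS, ACS_HOST):
        print(line)
    added, removed = acl_changes(SAMPLE_CLIENTS, SAMPLE_CLIENTS + ["203.0.113.7"])
    print("added:", [str(n) for n in added], "removed:", [str(n) for n in removed])
```

Run it with an exported device list in place of SAMPLE_CLIENTS; the aggregation means four consecutive addresses become two /31 entries here, and the change function lets a scheduled job push only the delta rather than regenerating and reapplying the whole list.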
