[177114] in North American Network Operators' Group
Re: The state of TACACS+
daemon@ATHENA.MIT.EDU (Michael Douglas)
Mon Dec 29 13:38:44 2014
X-Original-To: nanog@nanog.org
In-Reply-To: <CAMDdSzMiywgjJz9LeEGCbPg=HF8CDrHBtJdX+Fh+rGveJLXj2Q@mail.gmail.com>
Date: Mon, 29 Dec 2014 13:38:36 -0500
From: Michael Douglas <Michael.Douglas@IEEE.org>
To: Colton Conor <colton.conor@gmail.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
If someone has physical access to a Cisco router they can initiate a
password recovery; tacacs vs local account doesn't matter at that point.
On Mon, Dec 29, 2014 at 12:28 PM, Colton Conor <colton.conor@gmail.com>
wrote:
> Glad to know you can make local access only work if TACACS+ isn't
> available. However, that still doesn't prevent the employee who knows the
> local username and password to unplug the device from the network, and then
> use the local password to get in. Still better than our current setup of
> having one default username and password that everyone knows.