Thanks a lot for all the input. RANCID seems to be the way to go. Thanks for the template config; I will look again at TACACS+.

Thanks & Regards
Kevin

On Mon, Mar 3, 2008 at 5:30 PM, Peter Rathlev <[EMAIL PROTECTED]> wrote:
> On Mon, 2008-03-03 at 10:18 -0600, Justin Shore wrote:
> > Assuming you're going to do TACACS+ (RADIUS would be similar) here's a
> > working AAA config:
> <snip>
>
> Very nice example. I've been looking for exactly something like this for
> a while. Thanks for sharing. :-)
>
> > You should also come up with a method of generating TACACS keys. You
> > could use 1 key per POP or 1 key for the entire network. Personally I
> > use a unique key per device. It's probably overkill but it works for
> > me. I use a unique string taken from each device (process board ID for
> > example), stick it in a text file, and then perform a md5sum on that
> > file. The resulting 32 character string of random characters makes for
> > a nice key. It's also reproducible in a pinch.
>
> Just a small note: Make sure not to use information that other people
> can see easily(-ish). Often e.g. the base MAC is printed on the outside
> of switches, and the MD5 hashing would only protect from network
> eavesdropping. But protecting the AAA-server is a requirement
> anyway. :-)
>
> Regards,
> Peter
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
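
The key-generation scheme and the caveat about visible identifiers discussed in the quoted thread, as an added example that is not part of the original messages: it compares the unkeyed MD5 of a device string with a keyed HMAC-SHA256 derivation that stays reproducible but needs a secret the chassis label does not reveal. The device strings, the master secret, the function names and the assumption that the text file holds one newline-terminated line are all constructed for illustration.

```python
import hashlib
import hmac
from typing import List, Optional

# Constructed sample values, not taken from any real device.
BOARD_ID = "FOX0000AAAA"          # hypothetical board ID string
BASE_MAC = "00:00:5e:00:53:01"    # documentation-range MAC address
MASTER_SECRET = b"constructed-master-secret-kept-offline"


def md5_key(device_string: str) -> str:
    """Unkeyed scheme from the thread: md5sum of a text file holding one
    device string (assumed: a single line ending in a newline)."""
    return hashlib.md5((device_string + "\n").encode()).hexdigest()


def hmac_key(master_secret: bytes, device_string: str) -> str:
    """Keyed alternative: still reproducible in a pinch, but only by someone
    who holds master_secret. Truncated to 32 hex chars like the MD5 key."""
    if len(master_secret) < 16:
        raise ValueError("master secret too short")
    mac = hmac.new(master_secret, device_string.encode(), hashlib.sha256)
    return mac.hexdigest()[:32]


def derivable_from(key: str, visible_strings: List[str]) -> Optional[str]:
    """Audit check: return the visible device string whose plain MD5 equals
    the configured key, or None if no visible string reproduces it."""
    for candidate in visible_strings:
        if hmac.compare_digest(md5_key(candidate), key):
            return candidate
    return None


if __name__ == "__main__":
    visible = [BOARD_ID, BASE_MAC]  # strings readable off the chassis or CLI
    for name, key in (("md5", md5_key(BASE_MAC)),
                      ("hmac", hmac_key(MASTER_SECRET, BASE_MAC))):
        print(name, key, "derivable from:", derivable_from(key, visible))
```

With the keyed form, the master secret becomes the item to protect alongside the AAA server; the per-device string can then be something as visible as the base MAC.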