Your large hotel chain techs sound like a bunch of gumbies, any tech worth their salt would poll their own equipment and not the providers.
Provider: Lets feed them dummy snmp counters Customer: hey your billing me for 500gb of traffic!! Provider: yes.. don't your graphs reflect this? ;) -Dan > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:cisco-nsp- > [EMAIL PROTECTED] On Behalf Of Jon Lewis > Sent: Wednesday, 4 June 2008 12:49 PM > To: Richey > Cc: cisco-nsp@puck.nether.net > Subject: Re: [c-nsp] Giving customers access to your gear. > > On Tue, 3 Jun 2008, Richey wrote: > > > I've got a customer with a T1. They have been bought out by a large > hotel > > chain. They are pretty much demanding that they have SNMP full read > access > > to our router that is at their location as well as a copy of the > config for > > the router. This is not their router, it is ours and we fully > manage our > > As long as you don't give them the clear text version of the enable > secret, they can't do any damage, so what's the concern? Having been > on > the customer end of this sort of arrangement long ago, I can understand > their concern. They may want SNMP access for traffic/health graphing, > and > a copy of the config simply for auditing purposes to satisfy themselves > that the config is "secure" enough. > > I'm sure _you_ wouldn't do this, but if you (as the ISP) were to make > changes to your customer routes and break their internet connection, > and > then have all of your noc staff go fishing for the day, if they > customer > had enable, they could possibly fix their router...depending on > how/where > you broke things. I've been there...didn't have access, couldn't fix > it, > and was not amused. > > If they want access bad enough, since they do have physical access, > they > could just reboot, change the config-register, and have a copy of the > config. > > > router and hand them Ethernet. This seems a little odd that they > want > > access to our gear, and I am not too keen on giving them access > unless they > > are willing to accept some responsibility. They don't want to > accept any > > responsibility for the access they would have to this box. They > say that > > Verizion and AT&T don't have any problems giving them this kind of > access to > > their gear. > > If you give them enable, the rule is "you break it, you pay us to fix > it". > I also highly recommend rancid, so when they do break it or monkey with > it > in any way, you get notification, and can easily see and back out their > changes. > > ---------------------------------------------------------------------- > Jon Lewis | I route > Senior Network Engineer | therefore you are > Atlantic Net | > _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/