Hi everybody,
It seems to me that many medium/large networks tend to use radius or tacacs
for router line authentication. I could be wrong about this, so please
correct me if so. I'd like to know how a few things are handled in this
type of environment:
- What is the main driver in using radius/tacacs+ for line (telnet)
authentication? Is it for accounting purposes? Is it to prevent the
problems involved with local line passwords such as password changes?
- From some of my CCO readings, I've learned that AAA can be configured so
that, if radius/tacacs+ authentication is configured for a line, and the
user authentication fails (wrong password/username), the enable password will
allow a user router access. Considering this, what's to prevent a user
from simply pressing return a couple times then entering the enable
password in order to bypass the username/password requirement?
- What if the authentication server is inaccessible? i.e. part(s) of the
network are down.
- Related to the previous question, how many authentication servers are
commonly deployed in a given network?
- Finally, do Network/Ops divisions generally run their own authentication
servers, or are existing user databases shared (i.e. email, etc)?
Basically I'm trying to understand real-world implementations of this, and
I'm finding it hard to do from documentation alone.
THANKS A LOT!
ps. I'd like to say thanks to this list for what I've learned over the
past several months by mostly lurking. I just recently passed BCMSN with a
945, and a few months ago CCNA with a 925. Really, thanks.
-brad
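The enable-password fallback and the unreachable-server case raised above, shown as an added Cisco IOS AAA configuration (editor's example, not from the original post or any list member); the server addresses, the `netops-break-glass` account name and the `<REPLACE-...>` secrets are constructed placeholders:

```text
! Added example: Cisco IOS method lists for VTY (telnet) login.
! Server addresses, the username and the secrets are constructed placeholders.
aaa new-model
!
! Two TACACS+ servers, tried in the order listed, so a single server or
! network-segment outage does not lock administrators out by itself.
tacacs-server host 192.0.2.10
tacacs-server host 192.0.2.11
tacacs-server key <REPLACE-WITH-SHARED-SECRET>
!
! Weak method list: falls back to the enable secret.
! IOS moves to the next method only when TACACS+ returns an ERROR (no server
! reachable), not when a server returns FAIL for a bad username/password, so
! pressing return past the login prompt does not reach the enable fallback
! while a server is up. But during a full outage anyone who knows the shared
! enable secret gets in, and accounting has no named user to attribute to.
aaa authentication login WEAK-LOGIN group tacacs+ enable
!
! Preferred: fall back to a local per-user account instead, so access during a
! server outage is still tied to a named account that can be rotated or disabled.
username netops-break-glass secret <REPLACE-WITH-STRONG-PASSWORD>
aaa authentication login VTY-LOGIN group tacacs+ local
aaa authentication enable default group tacacs+ enable
!
! Accounting: session start/stop and privileged commands go to the servers,
! which is the audit trail that local line passwords cannot provide.
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
line vty 0 4
 login authentication VTY-LOGIN
```

Whether `WEAK-LOGIN` or `VTY-LOGIN` is applied to the VTY lines decides what happens when every TACACS+ server is unreachable; the behaviour on a wrong password is the same for both.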
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]