Alex,
In order to be a successful Network Engineer, one can NOT avoid
Unix/Linux because sooner or later you will have to confront it at some
point. I am NOT against windows; however, I think windows platforms are
much more suited for small/medium size corporation. When it comes to the
big boys (i.e. ISP, carriers, etc...), I think that everyone will agree
with me that Solaris (not too much experience in this area even though I
have a Sparc 2 with 300Mhz CPU and 1GB of RAM to play with), FreeBSD,
OpenBSD, NetBSD and Linux will rule. The other problem I have with
windows (primarily WinNT and Win2K) platform has to do with stability.
My linux server (running both Caldera and Redhat with kernel 2.4.9) is
rock solid. I've never had to reboot once (with the exception that I
just upgraded the kernel recently). All these Linux boxes are running on
Intel platforms (Intel 200 MHZ processor with 64MB of RAM). At my ISP,
with 8 different sites, we deploy 16 of these boxes. Because they are
running Linux and TACACS freeware, the cost is essentially zero
(excluding the one time setup cost). All these boxes are connected in a
daisy chain. We make configuration changes at the master boxes and then
propagate those changes to other Linux boxes via scp (secure copy).
Routers and switches at each location will have the primary TACACS server
at its local site and the secondary TACACS point to another location for
redundancy. I've had limited experiences with Cisco ACS and it may be a
good product but I would like to point out some of Cisco ACS (windows
version) shortcomings:
1) The ACS administration is managed via http (bad idea, everything is
clear-text),
2) For ISP and big carriers, the software is not scalable,
3) The password database can be cracked. Now if you tied it into WinNT
domain, that is another matter; however, it is not as strong as MD5
readily available on most Unix platforms.
In addition to those shortcomings listed above, if you are going to
install on WinNT platform, the cost will be in terms of hardware (at least
300MHZ CPU, 128MB RAM), software (Windows NT Server or Win2K Server which
Microsoft charges an arm and leg for) and last but not least, the Cisco
ACS itself which I think goes for 6K each. Add everything, it will cost
around 10K for each box. We are talking about 160K here (in my
situation). The cost will go even higher if you start adding all the
utilities that come with to protect your windows platforms servers.
On the other hand, Linux, NetBSD, OpenBSD and FreeBSD platforms are
essentially free and require minimum hardware to run on. Furthermore,
all the utilities that come with the Nixes are free (i.e. OpenSSH, Webmin,
OpenSSL, you name it). File transfers between these boxes are secure
with scp.
I guess the point I am trying to say here is that it is NOT difficult to
learn Unix/Linux. Furthermore, installing TACACS on unix platforms is
not difficult either. You either learn it now or you are going to miss
out on a lot of opportunities in your career.
One more thing, when you install an application on Unix platforms, most
of the time, due to CLI, you can see what the software is doing to the
system. Since the TACACS server is an important device on the network,
you don't want it to get compromised by hackers, do you? I wish I could say
the same thing about "point-and-click" windows.
>From: "Alex Lee"
>To: "\"Sean Young\""
>Subject: Re: seraching for tacacs server [7:20872]
>Date: Mon, 24 Sep 2001 21:42:16 -0400
>
>Hi Sean,
>
>This is Alex Lee. I have been trying to learn how to run TACACS on Linux. I
>have successfully installed Mandrake on a PC and learnt some Linux commands.
>Had to put it on back-burner because learning by oneself took too much time.
>
>If one day you decide to organize a class for those of us 'Windows
>click-and-drag' type. Please do let me know :)
>
>
>----- Original Message -----
>From: ""Sean Young""
>Newsgroups: groupstudy.cisco
>Sent: Monday, September 24, 2001 5:36 PM
>Subject: Re: seraching for tacacs server [7:20872]
>
>
> > michael,
> >
> > why don't you contact me privately and I will show you how it can be
> > done. I am NOT an expert with TACACS but I have done enough in the last
> > 12 months that I think I am quite good with it. I work for an ISP and
> > basically we have to manage about 400 routers and switches. Since there
> > are about 80 people who actually have to get their hands on the routers
> > everyday, there has to be a way to keep track of who is doing what to
> > the routers and switches. We develop TACACS "in house" from the freeware
> > source code at cisco. This TACACS server is running on Linux platform
> > and it performs beautifully. This TACACS server has the capability to
> > give "each" and every individual user both his/her EXEC password as well
> > as the Privilege level-15 password. This TACACS server is also capable
> > of AAA accounting of every user and every command that users perform to
> > the routers. In other words, everything is "logged". I also develop a
> > script that monitors the TACACS server process in case the process dies
> > unexpectedly. In that case, the process will attempt to restart itself.
> > If it can not restart, it will send me an email telling me why it can not
> > restart. If it successfully restarts itself, it also sends me an email.
> > Before I arrived, my company was thinking of implementing Cisco ACS
> > running on NT platforms (Yikes). We are talking about spending about
> > quite a bit of money (for both NT os and Cisco ACS software). I don't
> > have experiences with Cisco ACS; however, I was able to save the company
> > a lot of money with TACACS server running on linux platforms (Intel
> > pentium 200 MHz will do the trick).
> >
> > Again, it is not very difficult to implement. Contact me off-line if you
> > are interested. However, if you are not "unix" literate, you will have
> > difficulty implementing TACACS on unix platforms. You don't have to be
> > "unix gurus", just enough to get by.
> >
> > Sean, (p.s. please include your phone number if you want me to get in
> > touch with you. I am in the East Coast)
> >
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20959&t=20872
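
The watchdog behaviour described in the quoted message (restart the TACACS process if it dies, and send mail on both success and failure) could look like the following. This is an added example, not the poster's script; the daemon name `tac_plus`, its paths, the `mail` and `pgrep` commands and the address are assumptions.

```shell
#!/bin/sh
# Added example: watchdog for a TACACS+ daemon, meant to be run from cron.
# Assumed names (not from the original post): tac_plus, its paths, ADMIN.
DAEMON_NAME="${DAEMON_NAME:-tac_plus}"
START_CMD="${START_CMD:-/usr/sbin/tac_plus -C /etc/tac_plus.conf}"
ADMIN="${ADMIN:-noc@example.net}"
SETTLE="${SETTLE:-2}"    # seconds to wait before re-checking the process

# True when a process with exactly this name exists (pgrep: procps).
is_running() { pgrep -x "$DAEMON_NAME" >/dev/null 2>&1; }

# Start the daemon; its stdout/stderr become the failure reason.
start_daemon() { $START_CMD 2>&1; }

# Mail a one-line subject plus body to the administrator (mailx).
notify() { printf '%s\n' "$2" | mail -s "$1" "$ADMIN"; }

# One pass. Returns 0 = already running, 1 = restarted, 2 = restart failed.
watchdog_once() {
    host=$(hostname)
    if is_running; then
        return 0
    fi
    if out=$(start_daemon); then
        sleep "$SETTLE"
        # A zero exit is not enough: the daemon may fork and then die
        # (bad config, port 49 already bound), so look for it again.
        if is_running; then
            notify "[$host] $DAEMON_NAME restarted" "Found dead, restarted OK."
            return 1
        fi
        out="start command exited 0 but no $DAEMON_NAME process: $out"
    fi
    notify "[$host] $DAEMON_NAME restart FAILED" "Reason: ${out:-no output}"
    return 2
}

# Run only when invoked as: watchdog.sh --run   (keeps the file sourceable)
if [ "${1:-}" = "--run" ]; then
    watchdog_once
fi
```

Scheduled every minute from cron with `--run`, a daemon that cannot start produces one failure mail per minute until it is fixed, so the mail volume itself signals an outage.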