On 4/21/19 20:56, Randy Bush wrote:
>> "TACACS+ MUST be used with an addition security mechanism to
>> protection of the communication such as IPSEC or a secure network such
>> as described in 10.5. "
>
> not operationally viable

I don't deploy tacacs+ anymore, but when I did, concerted efforts were in place to ensure that the management network and its traffic inclusive of the tacacs traffic remained isolated from our production network as well as the internet as a whole. that's more or less in keeping with the sentiments of 10.5. securing it with ah or esp ipsec isn't going to happen except in the context of route based vpns.

> randy
>
> _______________________________________________
> OPSAWG mailing list
> OPSAWG@ietf.org
> https://www.ietf.org/mailman/listinfo/opsawg