RE: CiscoSecure Question [7:63941]
You can hardcode the source address of TACACS requests on the routers. This keeps you from needing to define every interface in the TACACS server. The command is ip tacacs source-interface. You can also define network devices in CiscoSecure with wildcards. You could have one entry that maps all routers? If you need more info drop me a line. I've been using it for several years for all my authentication. It isn't cheap but it works great. -Original Message- From: Mossburg, Geoff (MAN-Corporate) [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 9:21 PM To: [EMAIL PROTECTED] Subject: CiscoSecure Question [7:63941] All, Does anyone out there have experience with CiscoSecure? I could really use the help! I have over 50 routers that I'm setting up to access through TACACS, and I've been told that I have to make entries in CiscoSecure for every interface on every router to make sure that each router is TACACS accessible from anywhere in the network! Is this true??? Thanks! Geoff Mossburg Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63943&t=63941 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CiscoSecure Question [7:63941]
You were told wrong. One entry should be enough. I would use loopback interface. Yoshi -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mossburg, Geoff (MAN-Corporate) Sent: Wednesday, February 26, 2003 8:21 PM To: [EMAIL PROTECTED] Subject: CiscoSecure Question [7:63941] All, Does anyone out there have experience with CiscoSecure? I could really use the help! I have over 50 routers that I'm setting up to access through TACACS, and I've been told that I have to make entries in CiscoSecure for every interface on every router to make sure that each router is TACACS accessible from anywhere in the network! Is this true??? Thanks! Geoff Mossburg Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63945&t=63941 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CiscoSecure Question [7:63941]
you should be able to just use the "ip tacacs source-interface" command to make sure the tacacs request always sources the same IP... Charles -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mossburg, Geoff (MAN-Corporate) Sent: Wednesday, February 26, 2003 8:21 PM To: [EMAIL PROTECTED] Subject: CiscoSecure Question [7:63941] All, Does anyone out there have experience with CiscoSecure? I could really use the help! I have over 50 routers that I'm setting up to access through TACACS, and I've been told that I have to make entries in CiscoSecure for every interface on every router to make sure that each router is TACACS accessible from anywhere in the network! Is this true??? Thanks! Geoff Mossburg Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63948&t=63941 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CiscoSecure Question [7:63941]
You only need one entry in Cisco Secure if you use wildcards are are willing to accept the fact that all devices will be using the same shared secret key. So for example, to configure all routers on the 172.16.x.x network you simply click on Network Configuration and select "Add AAA Client". Give your clients a name (i.e. 172-16-routers) and a shared secret password. For the IP address use 172.16.*.*. Any client using an ip address from the range 172.16.0.0/16 will be accpeted assuming the shared secret password is known. Take care, Paul Borghese Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63996&t=63941 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CiscoSecure Question [7:63941]
LOL If I use all the information you guys have given me, I'll end up reducing the size of our CiscoSecure Network Configuration list from 410 entries to maybe 1 or 2 Thanks everyone, very, very much!! Geoff Mossburg Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64019&t=63941 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
