RE: Differences between TACACS+ and Cisco ACS [7:2245]
Bill, Are you sure about this? I've contacted Cisco TAC support and have been told it is NOT possible because Cisco ACS itself does NOT https. Can anyone confirm this? Thanks Sean From: Bill Pearch Reply-To: Bill Pearch To: [EMAIL PROTECTED] Subject: RE: Differences between TACACS+ and Cisco ACS [7:2245] Date: Mon, 30 Apr 2001 02:16:01 -0400 With NT/2000 and IIS4 or IIS5 we can make any HTTP:// site a HTTPS:// site with a couple of mouse clicks. If you are using Win2K there is a heck of a help file that will walk you through the process, step by step. TTFN, Bill Pearch, Anchorage AK -Original Message- From: Sean Young [mailto:[EMAIL PROTECTED]] Sent: Sunday, April 29, 2001 7:19 PM To: [EMAIL PROTECTED] Subject: Re: Differences between TACACS+ and Cisco ACS [7:2245] You can access it using a browser anywhere. This is what I am worried about. When you are talking about controlling ACS via the web browser interface, does it use standard http or https. If it uses the standard http, then everything can be captured by a sniffer. Can anyone confirm this? Thanks. Sean From: nana Reply-To: nana To: [EMAIL PROTECTED] Subject: Re: Differences between TACACS+ and Cisco ACS [7:2245] Date: Sun, 29 Apr 2001 18:08:09 -0400 CiscoSecure Version 2.6 was for Windows NT/2000 is actually a very improved product compared to its preds. Easy to configure and manage. You can access it using a browser anywhere. It also allows you to control the admin access itself so that others can manage usersgroups etc but not the top admin level functions Sean Young wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Everyone, The company I am working for is considering purchasing Cisco ACS software. This piece of software will be running on Solaris platform. Currently, I am using TACACS+ (self-supported software with source code) on our environment running on both Solaris and linux platforms (Primary TACACS is on Solaris and backup is on Linux). We've modified the source code so that each user has his/her own privilige password so that we have a record of who is doing what on the network devices (accounting purpose). Everything is running smoothly and the company is happy with the result. In my opinion, learning CLI in Unix/linux is not an easy task to master. Because of this, I am solely responsible for the TACACS servers. Finding someone to train for this thing is NOT an easy thing (thanks to Microsoft mentality of POINT-and-CLICK attitude of new people coming into the IT field these days). I've tried to train several people for this task but it was unsuccessful. Because of this, the company is considering of migrating the TACACS server from Solaris/Linux over to Microsoft Windows platforms (YIKES) so that we can find additional support staffs. The software package that we consider is Cisco ACS. I have several questions regarding this package: 1) Is this software stable on a Windows platform? (Sorry I have to ask) 2) How long does it take to train a newbie to be efficient with Cisco ACS running on Winblows platform? 3) Does Cisco ACS support enable privilege for each individual user (i.e does each user have his/own enable password)? If anyone has done it before or have a similar experience, I would like to hear from you. Many thanks. Sean _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=2552t=2245 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Differences between TACACS+ and Cisco ACS [7:2245]
I think what he's saying is that https sites can be set up for any http content through the webserver. Just dump the management site into the https section and it's secure. ACS doesn't have to do the https portion..only the webserver. - Original Message - From: Sean Young To: Sent: Monday, April 30, 2001 7:41 AM Subject: RE: Differences between TACACS+ and Cisco ACS [7:2245] Bill, Are you sure about this? I've contacted Cisco TAC support and have been told it is NOT possible because Cisco ACS itself does NOT https. Can anyone confirm this? Thanks Sean From: Bill Pearch Reply-To: Bill Pearch To: [EMAIL PROTECTED] Subject: RE: Differences between TACACS+ and Cisco ACS [7:2245] Date: Mon, 30 Apr 2001 02:16:01 -0400 With NT/2000 and IIS4 or IIS5 we can make any HTTP:// site a HTTPS:// site with a couple of mouse clicks. If you are using Win2K there is a heck of a help file that will walk you through the process, step by step. TTFN, Bill Pearch, Anchorage AK -Original Message- From: Sean Young [mailto:[EMAIL PROTECTED]] Sent: Sunday, April 29, 2001 7:19 PM To: [EMAIL PROTECTED] Subject: Re: Differences between TACACS+ and Cisco ACS [7:2245] You can access it using a browser anywhere. This is what I am worried about. When you are talking about controlling ACS via the web browser interface, does it use standard http or https. If it uses the standard http, then everything can be captured by a sniffer. Can anyone confirm this? Thanks. Sean From: nana Reply-To: nana To: [EMAIL PROTECTED] Subject: Re: Differences between TACACS+ and Cisco ACS [7:2245] Date: Sun, 29 Apr 2001 18:08:09 -0400 CiscoSecure Version 2.6 was for Windows NT/2000 is actually a very improved product compared to its preds. Easy to configure and manage. You can access it using a browser anywhere. It also allows you to control the admin access itself so that others can manage usersgroups etc but not the top admin level functions Sean Young wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Everyone, The company I am working for is considering purchasing Cisco ACS software. This piece of software will be running on Solaris platform. Currently, I am using TACACS+ (self-supported software with source code) on our environment running on both Solaris and linux platforms (Primary TACACS is on Solaris and backup is on Linux). We've modified the source code so that each user has his/her own privilige password so that we have a record of who is doing what on the network devices (accounting purpose). Everything is running smoothly and the company is happy with the result. In my opinion, learning CLI in Unix/linux is not an easy task to master. Because of this, I am solely responsible for the TACACS servers. Finding someone to train for this thing is NOT an easy thing (thanks to Microsoft mentality of POINT-and-CLICK attitude of new people coming into the IT field these days). I've tried to train several people for this task but it was unsuccessful. Because of this, the company is considering of migrating the TACACS server from Solaris/Linux over to Microsoft Windows platforms (YIKES) so that we can find additional support staffs. The software package that we consider is Cisco ACS. I have several questions regarding this package: 1) Is this software stable on a Windows platform? (Sorry I have to ask) 2) How long does it take to train a newbie to be efficient with Cisco ACS running on Winblows platform? 3) Does Cisco ACS support enable privilege for each individual user (i.e does each user have his/own enable password)? If anyone has done it before or have a similar experience, I would like to hear from you. Many thanks. Sean _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list
RE: Differences between TACACS+ and Cisco ACS [7:2245]
Did some looking into the documentation on ACS for NT/2K and it looks like Cisco is using a non MS web server, rather than building on IIS 4 or 5. So you can do what you can do with it. If Cisco doesn't include HTTPS you don't get HTTPS. I know IIS, not ACS - sorry. I hope to remedy that in the near future. If you are using Win2K as your ACS server it is possible to make use of IPSec to other W2K boxes based on local IPSec policy or domain level IPSec policy. This would give you the secure communication you are looking for, even if the application does not support HTTPS. YMMV, VWPBL, OSTCAAT. TTFN, Bill Pearch, Anchorage AK -Original Message- From: Sean Young To: [EMAIL PROTECTED] Sent: 4/30/2001 4:41 AM Subject: RE: Differences between TACACS+ and Cisco ACS [7:2245] Bill, Are you sure about this? I've contacted Cisco TAC support and have been told it is NOT possible because Cisco ACS itself does NOT https. Can anyone confirm this? Thanks Sean From: Bill Pearch Reply-To: Bill Pearch To: [EMAIL PROTECTED] Subject: RE: Differences between TACACS+ and Cisco ACS [7:2245] Date: Mon, 30 Apr 2001 02:16:01 -0400 With NT/2000 and IIS4 or IIS5 we can make any HTTP:// site a HTTPS:// site with a couple of mouse clicks. If you are using Win2K there is a heck of a help file that will walk you through the process, step by step. TTFN, Bill Pearch, Anchorage AK -Original Message- From: Sean Young [mailto:[EMAIL PROTECTED]] Sent: Sunday, April 29, 2001 7:19 PM To: [EMAIL PROTECTED] Subject: Re: Differences between TACACS+ and Cisco ACS [7:2245] You can access it using a browser anywhere. This is what I am worried about. When you are talking about controlling ACS via the web browser interface, does it use standard http or https. If it uses the standard http, then everything can be captured by a sniffer. Can anyone confirm this? Thanks. Sean From: nana Reply-To: nana To: [EMAIL PROTECTED] Subject: Re: Differences between TACACS+ and Cisco ACS [7:2245] Date: Sun, 29 Apr 2001 18:08:09 -0400 CiscoSecure Version 2.6 was for Windows NT/2000 is actually a very improved product compared to its preds. Easy to configure and manage. You can access it using a browser anywhere. It also allows you to control the admin access itself so that others can manage usersgroups etc but not the top admin level functions Sean Young wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Everyone, The company I am working for is considering purchasing Cisco ACS software. This piece of software will be running on Solaris platform. Currently, I am using TACACS+ (self-supported software with source code) on our environment running on both Solaris and linux platforms (Primary TACACS is on Solaris and backup is on Linux). We've modified the source code so that each user has his/her own privilige password so that we have a record of who is doing what on the network devices (accounting purpose). Everything is running smoothly and the company is happy with the result. In my opinion, learning CLI in Unix/linux is not an easy task to master. Because of this, I am solely responsible for the TACACS servers. Finding someone to train for this thing is NOT an easy thing (thanks to Microsoft mentality of POINT-and-CLICK attitude of new people coming into the IT field these days). I've tried to train several people for this task but it was unsuccessful. Because of this, the company is considering of migrating the TACACS server from Solaris/Linux over to Microsoft Windows platforms (YIKES) so that we can find additional support staffs. The software package that we consider is Cisco ACS. I have several questions regarding this package: 1) Is this software stable on a Windows platform? (Sorry I have to ask) 2) How long does it take to train a newbie to be efficient with Cisco ACS running on Winblows platform? 3) Does Cisco ACS support enable privilege for each individual user (i.e does each user have his/own enable password)? If anyone has done it before or have a similar experience, I would like to hear from you. Many thanks. Sean _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] F
Re: Differences between TACACS+ and Cisco ACS [7:2245]
Just tossing something in the air, but can you change the directory http content is put in? If so, you could dump it to another http server folder that supports https authorization. - Original Message - From: Bill Pearch To: Sent: Monday, April 30, 2001 3:27 PM Subject: RE: Differences between TACACS+ and Cisco ACS [7:2245] Did some looking into the documentation on ACS for NT/2K and it looks like Cisco is using a non MS web server, rather than building on IIS 4 or 5. So you can do what you can do with it. If Cisco doesn't include HTTPS you don't get HTTPS. I know IIS, not ACS - sorry. I hope to remedy that in the near future. If you are using Win2K as your ACS server it is possible to make use of IPSec to other W2K boxes based on local IPSec policy or domain level IPSec policy. This would give you the secure communication you are looking for, even if the application does not support HTTPS. YMMV, VWPBL, OSTCAAT. TTFN, Bill Pearch, Anchorage AK -Original Message- From: Sean Young To: [EMAIL PROTECTED] Sent: 4/30/2001 4:41 AM Subject: RE: Differences between TACACS+ and Cisco ACS [7:2245] Bill, Are you sure about this? I've contacted Cisco TAC support and have been told it is NOT possible because Cisco ACS itself does NOT https. Can anyone confirm this? Thanks Sean From: Bill Pearch Reply-To: Bill Pearch To: [EMAIL PROTECTED] Subject: RE: Differences between TACACS+ and Cisco ACS [7:2245] Date: Mon, 30 Apr 2001 02:16:01 -0400 With NT/2000 and IIS4 or IIS5 we can make any HTTP:// site a HTTPS:// site with a couple of mouse clicks. If you are using Win2K there is a heck of a help file that will walk you through the process, step by step. TTFN, Bill Pearch, Anchorage AK -Original Message- From: Sean Young [mailto:[EMAIL PROTECTED]] Sent: Sunday, April 29, 2001 7:19 PM To: [EMAIL PROTECTED] Subject: Re: Differences between TACACS+ and Cisco ACS [7:2245] You can access it using a browser anywhere. This is what I am worried about. When you are talking about controlling ACS via the web browser interface, does it use standard http or https. If it uses the standard http, then everything can be captured by a sniffer. Can anyone confirm this? Thanks. Sean From: nana Reply-To: nana To: [EMAIL PROTECTED] Subject: Re: Differences between TACACS+ and Cisco ACS [7:2245] Date: Sun, 29 Apr 2001 18:08:09 -0400 CiscoSecure Version 2.6 was for Windows NT/2000 is actually a very improved product compared to its preds. Easy to configure and manage. You can access it using a browser anywhere. It also allows you to control the admin access itself so that others can manage usersgroups etc but not the top admin level functions Sean Young wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Everyone, The company I am working for is considering purchasing Cisco ACS software. This piece of software will be running on Solaris platform. Currently, I am using TACACS+ (self-supported software with source code) on our environment running on both Solaris and linux platforms (Primary TACACS is on Solaris and backup is on Linux). We've modified the source code so that each user has his/her own privilige password so that we have a record of who is doing what on the network devices (accounting purpose). Everything is running smoothly and the company is happy with the result. In my opinion, learning CLI in Unix/linux is not an easy task to master. Because of this, I am solely responsible for the TACACS servers. Finding someone to train for this thing is NOT an easy thing (thanks to Microsoft mentality of POINT-and-CLICK attitude of new people coming into the IT field these days). I've tried to train several people for this task but it was unsuccessful. Because of this, the company is considering of migrating the TACACS server from Solaris/Linux over to Microsoft Windows platforms (YIKES) so that we can find additional support staffs. The software package that we consider is Cisco ACS. I have several questions regarding this package: 1) Is this software stable on a Windows platform? (Sorry I have to ask) 2) How long does it take to train a newbie to be efficient with Cisco ACS running on Winblows platform? 3) Does Cisco ACS support enable privilege for each individual user (i.e does each user have his/own enable password)? If anyone has done it before or have a similar experience, I would like to hear from you. Many thanks. Sean _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to
Re: Differences between TACACS+ and Cisco ACS [7:2245]
You could buy a copy of SSH Server for Win2k and tunnel SSH from wherever you need web browser access. Then you can securely access it from anything that supports SSH and a browser (MAC OS, *NIX, Win32), right? -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Bill Pearch wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Did some looking into the documentation on ACS for NT/2K and it looks like Cisco is using a non MS web server, rather than building on IIS 4 or 5. So you can do what you can do with it. If Cisco doesn't include HTTPS you don't get HTTPS. I know IIS, not ACS - sorry. I hope to remedy that in the near future. If you are using Win2K as your ACS server it is possible to make use of IPSec to other W2K boxes based on local IPSec policy or domain level IPSec policy. This would give you the secure communication you are looking for, even if the application does not support HTTPS. YMMV, VWPBL, OSTCAAT. TTFN, Bill Pearch, Anchorage AK -Original Message- From: Sean Young To: [EMAIL PROTECTED] Sent: 4/30/2001 4:41 AM Subject: RE: Differences between TACACS+ and Cisco ACS [7:2245] Bill, Are you sure about this? I've contacted Cisco TAC support and have been told it is NOT possible because Cisco ACS itself does NOT https. Can anyone confirm this? Thanks Sean From: Bill Pearch Reply-To: Bill Pearch To: [EMAIL PROTECTED] Subject: RE: Differences between TACACS+ and Cisco ACS [7:2245] Date: Mon, 30 Apr 2001 02:16:01 -0400 With NT/2000 and IIS4 or IIS5 we can make any HTTP:// site a HTTPS:// site with a couple of mouse clicks. If you are using Win2K there is a heck of a help file that will walk you through the process, step by step. TTFN, Bill Pearch, Anchorage AK -Original Message- From: Sean Young [mailto:[EMAIL PROTECTED]] Sent: Sunday, April 29, 2001 7:19 PM To: [EMAIL PROTECTED] Subject: Re: Differences between TACACS+ and Cisco ACS [7:2245] You can access it using a browser anywhere. This is what I am worried about. When you are talking about controlling ACS via the web browser interface, does it use standard http or https. If it uses the standard http, then everything can be captured by a sniffer. Can anyone confirm this? Thanks. Sean From: nana Reply-To: nana To: [EMAIL PROTECTED] Subject: Re: Differences between TACACS+ and Cisco ACS [7:2245] Date: Sun, 29 Apr 2001 18:08:09 -0400 CiscoSecure Version 2.6 was for Windows NT/2000 is actually a very improved product compared to its preds. Easy to configure and manage. You can access it using a browser anywhere. It also allows you to control the admin access itself so that others can manage usersgroups etc but not the top admin level functions Sean Young wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Everyone, The company I am working for is considering purchasing Cisco ACS software. This piece of software will be running on Solaris platform. Currently, I am using TACACS+ (self-supported software with source code) on our environment running on both Solaris and linux platforms (Primary TACACS is on Solaris and backup is on Linux). We've modified the source code so that each user has his/her own privilige password so that we have a record of who is doing what on the network devices (accounting purpose). Everything is running smoothly and the company is happy with the result. In my opinion, learning CLI in Unix/linux is not an easy task to master. Because of this, I am solely responsible for the TACACS servers. Finding someone to train for this thing is NOT an easy thing (thanks to Microsoft mentality of POINT-and-CLICK attitude of new people coming into the IT field these days). I've tried to train several people for this task but it was unsuccessful. Because of this, the company is considering of migrating the TACACS server from Solaris/Linux over to Microsoft Windows platforms (YIKES) so that we can find additional support staffs. The software package that we consider is Cisco ACS. I have several questions regarding this package: 1) Is this software stable on a Windows platform? (Sorry I have to ask) 2) How long does it take to train a newbie to be efficient with Cisco ACS running on Winblows platform? 3) Does Cisco ACS support enable privilege for each individual user (i.e does each user have his/own enable password)? If anyone has done it before or have a similar experience, I would like to hear from you. Many thanks. Sean _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.gro
Re: Differences between TACACS+ and Cisco ACS [7:2245]
CiscoSecure Version 2.6 was for Windows NT/2000 is actually a very improved product compared to its preds. Easy to configure and manage. You can access it using a browser anywhere. It also allows you to control the admin access itself so that others can manage usersgroups etc but not the top admin level functions Sean Young wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Everyone, The company I am working for is considering purchasing Cisco ACS software. This piece of software will be running on Solaris platform. Currently, I am using TACACS+ (self-supported software with source code) on our environment running on both Solaris and linux platforms (Primary TACACS is on Solaris and backup is on Linux). We've modified the source code so that each user has his/her own privilige password so that we have a record of who is doing what on the network devices (accounting purpose). Everything is running smoothly and the company is happy with the result. In my opinion, learning CLI in Unix/linux is not an easy task to master. Because of this, I am solely responsible for the TACACS servers. Finding someone to train for this thing is NOT an easy thing (thanks to Microsoft mentality of POINT-and-CLICK attitude of new people coming into the IT field these days). I've tried to train several people for this task but it was unsuccessful. Because of this, the company is considering of migrating the TACACS server from Solaris/Linux over to Microsoft Windows platforms (YIKES) so that we can find additional support staffs. The software package that we consider is Cisco ACS. I have several questions regarding this package: 1) Is this software stable on a Windows platform? (Sorry I have to ask) 2) How long does it take to train a newbie to be efficient with Cisco ACS running on Winblows platform? 3) Does Cisco ACS support enable privilege for each individual user (i.e does each user have his/own enable password)? If anyone has done it before or have a similar experience, I would like to hear from you. Many thanks. Sean _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=2484t=2245 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Differences between TACACS+ and Cisco ACS [7:2245]
You can access it using a browser anywhere. This is what I am worried about. When you are talking about controlling ACS via the web browser interface, does it use standard http or https. If it uses the standard http, then everything can be captured by a sniffer. Can anyone confirm this? Thanks. Sean From: nana Reply-To: nana To: [EMAIL PROTECTED] Subject: Re: Differences between TACACS+ and Cisco ACS [7:2245] Date: Sun, 29 Apr 2001 18:08:09 -0400 CiscoSecure Version 2.6 was for Windows NT/2000 is actually a very improved product compared to its preds. Easy to configure and manage. You can access it using a browser anywhere. It also allows you to control the admin access itself so that others can manage usersgroups etc but not the top admin level functions Sean Young wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Everyone, The company I am working for is considering purchasing Cisco ACS software. This piece of software will be running on Solaris platform. Currently, I am using TACACS+ (self-supported software with source code) on our environment running on both Solaris and linux platforms (Primary TACACS is on Solaris and backup is on Linux). We've modified the source code so that each user has his/her own privilige password so that we have a record of who is doing what on the network devices (accounting purpose). Everything is running smoothly and the company is happy with the result. In my opinion, learning CLI in Unix/linux is not an easy task to master. Because of this, I am solely responsible for the TACACS servers. Finding someone to train for this thing is NOT an easy thing (thanks to Microsoft mentality of POINT-and-CLICK attitude of new people coming into the IT field these days). I've tried to train several people for this task but it was unsuccessful. Because of this, the company is considering of migrating the TACACS server from Solaris/Linux over to Microsoft Windows platforms (YIKES) so that we can find additional support staffs. The software package that we consider is Cisco ACS. I have several questions regarding this package: 1) Is this software stable on a Windows platform? (Sorry I have to ask) 2) How long does it take to train a newbie to be efficient with Cisco ACS running on Winblows platform? 3) Does Cisco ACS support enable privilege for each individual user (i.e does each user have his/own enable password)? If anyone has done it before or have a similar experience, I would like to hear from you. Many thanks. Sean _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=2520t=2245 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Differences between TACACS+ and Cisco ACS [7:2245]
With NT/2000 and IIS4 or IIS5 we can make any HTTP:// site a HTTPS:// site with a couple of mouse clicks. If you are using Win2K there is a heck of a help file that will walk you through the process, step by step. TTFN, Bill Pearch, Anchorage AK -Original Message- From: Sean Young [mailto:[EMAIL PROTECTED]] Sent: Sunday, April 29, 2001 7:19 PM To: [EMAIL PROTECTED] Subject: Re: Differences between TACACS+ and Cisco ACS [7:2245] You can access it using a browser anywhere. This is what I am worried about. When you are talking about controlling ACS via the web browser interface, does it use standard http or https. If it uses the standard http, then everything can be captured by a sniffer. Can anyone confirm this? Thanks. Sean From: nana Reply-To: nana To: [EMAIL PROTECTED] Subject: Re: Differences between TACACS+ and Cisco ACS [7:2245] Date: Sun, 29 Apr 2001 18:08:09 -0400 CiscoSecure Version 2.6 was for Windows NT/2000 is actually a very improved product compared to its preds. Easy to configure and manage. You can access it using a browser anywhere. It also allows you to control the admin access itself so that others can manage usersgroups etc but not the top admin level functions Sean Young wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Everyone, The company I am working for is considering purchasing Cisco ACS software. This piece of software will be running on Solaris platform. Currently, I am using TACACS+ (self-supported software with source code) on our environment running on both Solaris and linux platforms (Primary TACACS is on Solaris and backup is on Linux). We've modified the source code so that each user has his/her own privilige password so that we have a record of who is doing what on the network devices (accounting purpose). Everything is running smoothly and the company is happy with the result. In my opinion, learning CLI in Unix/linux is not an easy task to master. Because of this, I am solely responsible for the TACACS servers. Finding someone to train for this thing is NOT an easy thing (thanks to Microsoft mentality of POINT-and-CLICK attitude of new people coming into the IT field these days). I've tried to train several people for this task but it was unsuccessful. Because of this, the company is considering of migrating the TACACS server from Solaris/Linux over to Microsoft Windows platforms (YIKES) so that we can find additional support staffs. The software package that we consider is Cisco ACS. I have several questions regarding this package: 1) Is this software stable on a Windows platform? (Sorry I have to ask) 2) How long does it take to train a newbie to be efficient with Cisco ACS running on Winblows platform? 3) Does Cisco ACS support enable privilege for each individual user (i.e does each user have his/own enable password)? If anyone has done it before or have a similar experience, I would like to hear from you. Many thanks. Sean _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=2535t=2245 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Differences between TACACS+ and Cisco ACS [7:2245]
Cisco ACS provides lot of control and management features on Cisco routers. Few of them ... 1 You'd define access privileges, so user could log on once and he will be assigned to appropriate level of enable mode. 2 You'd have auxillary enable password required on per user basis. 3 You'd use Cisco ACS to confirm authorization request for each user's command i.e. this will give you command level granuality. That is, users could be in enable 15 mode ... but, still conf t would be denied via authorization. 4 You'd create accounting of every single command typed in either config mode or EXEC mode. HTH GS Sean Young wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Everyone, The company I am working for is considering purchasing Cisco ACS software. This piece of software will be running on Solaris platform. Currently, I am using TACACS+ (self-supported software with source code) on our environment running on both Solaris and linux platforms (Primary TACACS is on Solaris and backup is on Linux). We've modified the source code so that each user has his/her own privilige password so that we have a record of who is doing what on the network devices (accounting purpose). Everything is running smoothly and the company is happy with the result. In my opinion, learning CLI in Unix/linux is not an easy task to master. Because of this, I am solely responsible for the TACACS servers. Finding someone to train for this thing is NOT an easy thing (thanks to Microsoft mentality of POINT-and-CLICK attitude of new people coming into the IT field these days). I've tried to train several people for this task but it was unsuccessful. Because of this, the company is considering of migrating the TACACS server from Solaris/Linux over to Microsoft Windows platforms (YIKES) so that we can find additional support staffs. The software package that we consider is Cisco ACS. I have several questions regarding this package: 1) Is this software stable on a Windows platform? (Sorry I have to ask) 2) How long does it take to train a newbie to be efficient with Cisco ACS running on Winblows platform? 3) Does Cisco ACS support enable privilege for each individual user (i.e does each user have his/own enable password)? If anyone has done it before or have a similar experience, I would like to hear from you. Many thanks. Sean _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=2401t=2245 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Differences between TACACS+ and Cisco ACS [7:2245]
I just tried to purchase Cisco ACS for Solaris and was told that it is no longer available on that platform. The only part number they had was for version 2.6 was for Windows NT/2000. We elected to go with a Cisco's freeware TACACS+... Sean Young wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Everyone, The company I am working for is considering purchasing Cisco ACS software. This piece of software will be running on Solaris platform. Currently, I am using TACACS+ (self-supported software with source code) on our environment running on both Solaris and linux platforms (Primary TACACS is on Solaris and backup is on Linux). We've modified the source code so that each user has his/her own privilige password so that we have a record of who is doing what on the network devices (accounting purpose). Everything is running smoothly and the company is happy with the result. In my opinion, learning CLI in Unix/linux is not an easy task to master. Because of this, I am solely responsible for the TACACS servers. Finding someone to train for this thing is NOT an easy thing (thanks to Microsoft mentality of POINT-and-CLICK attitude of new people coming into the IT field these days). I've tried to train several people for this task but it was unsuccessful. Because of this, the company is considering of migrating the TACACS server from Solaris/Linux over to Microsoft Windows platforms (YIKES) so that we can find additional support staffs. The software package that we consider is Cisco ACS. I have several questions regarding this package: 1) Is this software stable on a Windows platform? (Sorry I have to ask) 2) How long does it take to train a newbie to be efficient with Cisco ACS running on Winblows platform? 3) Does Cisco ACS support enable privilege for each individual user (i.e does each user have his/own enable password)? If anyone has done it before or have a similar experience, I would like to hear from you. Many thanks. Sean _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=2415t=2245 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Differences between TACACS+ and Cisco ACS [7:2245]
Where would one find this freeware TACACS+ server software? Didn't see it on CCO Software Center -Brad [EMAIL PROTECTED] - Original Message - From: Perry J. Lucas To: Sent: Saturday, April 28, 2001 8:58 PM Subject: RE: Differences between TACACS+ and Cisco ACS [7:2245] I just tried to purchase Cisco ACS for Solaris and was told that it is no longer available on that platform. The only part number they had was for version 2.6 was for Windows NT/2000. We elected to go with a Cisco's freeware TACACS+... Sean Young wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Everyone, The company I am working for is considering purchasing Cisco ACS software. This piece of software will be running on Solaris platform. Currently, I am using TACACS+ (self-supported software with source code) on our environment running on both Solaris and linux platforms (Primary TACACS is on Solaris and backup is on Linux). We've modified the source code so that each user has his/her own privilige password so that we have a record of who is doing what on the network devices (accounting purpose). Everything is running smoothly and the company is happy with the result. In my opinion, learning CLI in Unix/linux is not an easy task to master. Because of this, I am solely responsible for the TACACS servers. Finding someone to train for this thing is NOT an easy thing (thanks to Microsoft mentality of POINT-and-CLICK attitude of new people coming into the IT field these days). I've tried to train several people for this task but it was unsuccessful. Because of this, the company is considering of migrating the TACACS server from Solaris/Linux over to Microsoft Windows platforms (YIKES) so that we can find additional support staffs. The software package that we consider is Cisco ACS. I have several questions regarding this package: 1) Is this software stable on a Windows platform? (Sorry I have to ask) 2) How long does it take to train a newbie to be efficient with Cisco ACS running on Winblows platform? 3) Does Cisco ACS support enable privilege for each individual user (i.e does each user have his/own enable password)? If anyone has done it before or have a similar experience, I would like to hear from you. Many thanks. Sean _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=2420t=2245 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Differences between TACACS+ and Cisco ACS [7:2245]
On Sat, Apr 28, 2001 at 09:46:31PM -0400, Brad Steinman wrote: Where would one find this freeware TACACS+ server software? Didn't see it on CCO Software Center ftp://ftp-eng.cisco.com/pub/tacacs/ -- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=2424t=2245 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Differences between TACACS+ and Cisco ACS [7:2245]
From: Brad Steinman Reply-To: Brad Steinman To: [EMAIL PROTECTED] Subject: Re: Differences between TACACS+ and Cisco ACS [7:2245] Date: Sat, 28 Apr 2001 21:46:31 -0400 Where would one find this freeware TACACS+ server software? Didn't see it on CCO Software Center -Brad [EMAIL PROTECTED] - Original Message - From: Perry J. Lucas To: Sent: Saturday, April 28, 2001 8:58 PM Subject: RE: Differences between TACACS+ and Cisco ACS [7:2245] I just tried to purchase Cisco ACS for Solaris and was told that it is no longer available on that platform. The only part number they had was for version 2.6 was for Windows NT/2000. We elected to go with a Cisco's freeware TACACS+... Sean Young wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Everyone, The company I am working for is considering purchasing Cisco ACS software. This piece of software will be running on Solaris platform. Currently, I am using TACACS+ (self-supported software with source code) on our environment running on both Solaris and linux platforms (Primary TACACS is on Solaris and backup is on Linux). We've modified the source code so that each user has his/her own privilige password so that we have a record of who is doing what on the network devices (accounting purpose). Everything is running smoothly and the company is happy with the result. In my opinion, learning CLI in Unix/linux is not an easy task to master. Because of this, I am solely responsible for the TACACS servers. Finding someone to train for this thing is NOT an easy thing (thanks to Microsoft mentality of POINT-and-CLICK attitude of new people coming into the IT field these days). I've tried to train several people for this task but it was unsuccessful. Because of this, the company is considering of migrating the TACACS server from Solaris/Linux over to Microsoft Windows platforms (YIKES) so that we can find additional support staffs. The software package that we consider is Cisco ACS. I have several questions regarding this package: 1) Is this software stable on a Windows platform? (Sorry I have to ask) 2) How long does it take to train a newbie to be efficient with Cisco ACS running on Winblows platform? 3) Does Cisco ACS support enable privilege for each individual user (i.e does each user have his/own enable password)? If anyone has done it before or have a similar experience, I would like to hear from you. Many thanks. Sean _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=2426t=2245 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Differences between TACACS+ and Cisco ACS [7:2245]
RPMs for the same is available here (RPMs make installing on Linux a piece of cake, basically automated installs): http://freshmeat.net/projects/tacacs+/ I'll be giving it a spin tonight for use in my lab (updated my diagrams today as well): http://r2cisco.artoo.net/routers.html Actually, I don't like the way the line drawings exported from Visio, so I'll update it again to make it more clear. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Control Program wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... On Sat, Apr 28, 2001 at 09:46:31PM -0400, Brad Steinman wrote: Where would one find this freeware TACACS+ server software? Didn't see it on CCO Software Center ftp://ftp-eng.cisco.com/pub/tacacs/ -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=2440t=2245 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
