Re: Cisco IOS password encryption facts

Michael Degerman (mide@NATVERKET.COM)
Thu, 13 Nov 1997 19:58:15 +0100

> Not necessarily. If you use TACACS+ for AAA and enable AAA accounting,
> you will (at least in my humble experience) be unable to get in - the cisco
> must send an accounting record to the TACACS+ server, but it can't reach
> the TACACS+ server, so it refuses to let you in. (If anyone knows how to
> get around this without turning off aaa accounting, *please* let me know! =)

If you don't put a "login" line on the vty's in the Cisco box then you
will have problems, like the scenario you just described. But if you put
a "login" line on the vty's the Cisco will start with the tacacs+ login
prompt and then, after trying to get a response from the tacacs+, it will
time out and give you a default login.
It also depends on how you implement the tacacs+ login which
password you have as backup. Sometimes you've got to have a password
defined on the vty's as well because it's the default setting if nothing
else is specified.

>
> (Also note that I may have any and/or all of the above wrong - it's so long
> that I can't quite remember all the exact details...)

Hey! It might be easy to learn but it's a lot easier to forget!

//Michael Degerman
------------------------------------------------------------------------
A lonely guy with a lot on the mind!