10-02-2006 10:13 AM
If TACACS is implemented on all network switches, what is the best way to implement TACACS on the LMS 2.5 server that manages the network?
10-02-2006 10:18 AM
There are older switches that do not implement TACACS+. However, all modern CatOS and IOS switches do.
As for your other question, more context is required. Do you have CiscoSecure ACS? What kind of LMS/TACACS interaction are you looking for? With LMS 2.5, you can use CS ACS for LMS authorization as well as for access to network devices.
10-02-2006 10:29 AM
The network consists of 2950s cored to two 6513s. TACACS would be applied via the "aaa" command. We want someone to be able to use LMS to change VLANs, for example, on a selected group of switches using their TACACS userid and pw, so that the changes made on the switches are traceable to that someone.
10-02-2006 10:38 AM
You can do that using the job-based password feature of LMS. With this, the user executing the job provides their username and password for that job only. That way, AAA logs will reflect that user as being the one that performed the config changes.
In this configuration, the best solution would be to enforce job-based passwords using RME > Admin > Config Mgmt > Config Job Policies. Make the Job Passwords mandatory by unchecking the User Configurable checkbox. Then, all config changes must specify per-job credentials.
10-02-2006 11:32 AM
Thanks, sounds like that will work for the LMS user, but don't I still have to configure LMS with a TACACS id and pw before it can access the switches?
10-02-2006 03:09 PM
You will still need to enter TACACS credentials in the DCR so that the various applications can access the devices.
10-02-2006 03:16 PM
No, you don't HAVE to. RME (and other LMS apps) can certainly use SNMP to perform all necessary operations. However, if you want to use telnet/SSH for configuration fetches in RME, you will need to populate DCR with a username and password.