11-16-2004 03:23 PM - edited 03-02-2019 08:00 PM
Someone told me there was something call a TACS Server that I could use to manage the passwords and configurations on all my Cisco devices. Is there such a thing and if so where do I find it. Google search did not return anything usefull.
Thanks
11-17-2004 02:55 AM
Hi,
Its called a TACACS server.
Cisco have a free TACACS+ binary that can run on a Unix box and it works very well called tac_plus
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800946a3.shtml
Or you can purchase Cisco Secure ACS which is a TACACS and RADIUS server that can run on Unix, Windows and there is an appliance version too.
ACS provides a web front end and can be also used to provide 802.1x authentication for wireless devices, eap-tls etc and it can also proxy requests to a One Time Password server such as SecureDynamics ACE server.
To implement TACACS+ you will need to read up on configuring AAA on your devices (catos or ios)
In a nusthell you can use TACACS+ to provide centralised management of authentication using a central file/database containing login accounts, you can also use command authorization so that e.g. usera can only issue "show run" and "show proc cpu" commands, and you can also use accounting to record such activity on your devices.
HTH
Paddy
11-22-2004 05:39 AM
The TACACS+ sounds cool but I do not think it is what I am looking for. I want to manage the configurations of all my routers. Say for instance I want to change the passwords on all routers or change the DLCI or access list on all routers. I would like to do that from on place versus loggin on to 300 devices. I did not get this from what I read about TACACS+. Is there something that does what I am wanting to do?
11-22-2004 06:39 AM
Have a look at CiscoWorks 2000...
You can use it to back up all your devices, change the configurations, upload new firmware, collect sysloging info and sort it by severity level, manage access-lists, change user VLANs, track switchport usage much much more. CiscoWorks can also autodiscover new devices that you add to your network which is useful in an environment of 300+ devices, as they will automatically benefit immediately from many of the feature you have allready configured in CWorks such as having there configs backed up, usertracking etc...
HTH
Paddy
11-18-2004 02:07 PM
As a possible alternative, check out CATTOOLS, a software package from www.kiwisyslog.com
Dave
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide