11-13-2002 07:21 AM - edited 03-09-2019 01:03 AM
Here's the deal.
We have a switch that's outside the PIX. All internal switches are configured for TACACS+ using ACS 2.6 for NT. I need to lock down this switch, although I'm unsure as to what would be the best method. Do I configure TACACS+ on the switch to authenticate through the PIX? Should I configure local AAA? Both?
What about telnetting into the box, or HTTP access for that matter? Wouldn't the logon credentials be sent over in clear text? I suppose I could set up a box to SSH into and then telnet from there...
Any ideas appreciated.
11-13-2002 05:04 PM
Wouldn't it make good sense for the outside switch to be managed with an ip address in your management subnet? This will eliminate some of your concerns. SSH Server may or may not be available for your switch, but if it isn't, then that would give you much better security than TACACS.
HTH
Jeff
11-14-2002 05:49 AM
Right...so I'd just configure vlan1 to have an internal IP...
Should've really thought that one through...thanks.