cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1131
Views
5
Helpful
7
Replies

Video endpoint access via TACACS

sivashanmugam g
Beginner
Beginner

I have more 500 Video Endpoints and using common credential. i would like add the all VC endpoints in TACACS.  Please guide me how to setup.

This setup will help me to track admin-user made changes .

1 Accepted Solution

Accepted Solutions

With the newer endpoint software versions (CE8.2.0+), the endpoints now supports LDAP user authentication, so everyone could have their own account.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Wayne
--
Please remember to mark helpful responses and to set your question as answered if appropriate.

View solution in original post

7 Replies 7

Wayne DeNardi
VIP Advisor VIP Advisor
VIP Advisor

In a large environment such as that, you would usually use the Cisco TelePresence Management Suite (TMS) to manage your devices.

If all of your devices are part of a CUCM, then you could look at using Cisco Prime Collaboration.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Wayne
--
Please remember to mark helpful responses and to set your question as answered if appropriate.

Thank you Shashank and Wayne for info.

1.My intention to track who are all made configuration changes on VC endpoints since many people using single user name and password.

2. I have TMS  15.2.x

Regards,
Siva

Using a single account for everyone to access the endpoints is a bad choice if you want to monitor who might change it's settings.  Since everyone is using the same account, you have no way to know who is who, the only exception is if you went through the endpoint logs for the configuration change in question, then search your network for the user/computer that corresponds to the source IP address that make the change.

I'd change the admin password of the endpoints and not tell anyone but those that really need to know, then make everyone use TMS to manage the endpoints so you can rely on TMS to log any changes made by users.

With the newer endpoint software versions (CE8.2.0+), the endpoints now supports LDAP user authentication, so everyone could have their own account.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Wayne
--
Please remember to mark helpful responses and to set your question as answered if appropriate.

I forgot LDAP authentication was a new feature with CE8.2. If you do enable LDAP on the endpoint, suggest you also enable audit logging, which will record all user activity and configuration changes, the only downside is you're going to have to go through the endpoint logs which could get quite large. You never mentioned what type of endpoints you have, but if you don't know, CE software is only available on SX10/20/80, DX70/80, MX200/300 G2, and MX700/800. 

Shashank Mahajan
Cisco Employee
Cisco Employee

There is no such possibility of using TACACS/Radius authentication or any other type besides the normal user credentials for Cisco Telepresence endpoints.

You can use Telepresence Management Suite (TMS) for centralized management of your endpoints.

Randy Golosino
Beginner
Beginner

Hi,

We are looking at implementing LDAP authentication for Video endpoint as a requirement of our IT Governance.

Can you share how did you implement LDAP authentication for Video endpoint, I'm not very familiar with Active Directory. What are those key things to do in AD.

 

Thank you,

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers