Security Basics mailing list archives
RE: CISCO Catalyst
From: "Worrell, Brian" <BWorrell () isdh IN gov>
Date: Wed, 23 Jan 2008 15:14:45 -0500
I recall reading that you can create access levels such as 13, allowing certain commands to that level.
From experience I know you can at least use the default 1 and 15, create two different Active Directory groups, then using Microsoft IAS as your RADIUS, pass thru the group to the Cisco device and get the proper permissions.

There was a document on the Cisco support site that I read when we did this. It was almost two years ago, though. If I find the link, I will pass it on. If not, you should still be able to find it there.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Vega - Brunello Ivan
Sent: Wednesday, January 23, 2008 11:55 AM
To: pepsdiaz () gmail com; security-basics () securityfocus com
Subject: R: CISCO Catalyst

In short: set up a TACACS+ server (that is, a server which manages the userbase). This way, you can:
- set up users in a centralized location, and optionally bind users to an external userbase (e.g. Active Directory, LDAP, or SQL).
- set password policies (if you use an external userbase, the external userbase policy applies).
- group users by role.
- grant users or groups access to every single command (TACACS+ lets you do this; something else like RADIUS cannot).
- have a log of every single action.

AFAIK the only one (for TACACS) is Cisco's own ACS product. Dunno if there are cheaper (and better) alternatives.

Ivan Brunello
System & Network Management

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of pepsdiaz () gmail com
Sent: Wednesday 23 January 2008 10.27
To: security-basics () securityfocus com
Subject: CISCO Catalyst

Dear all,

I need to audit a CISCO Catalyst 6509 and 2950. I would like to know if you can set up several users in order to log their activities on it, and how to do that. Besides, I would like to know if you can set up password protection measures like:
- Change password periodically.
- Length of password
- History of passwords

Can you set up more than one user role or just the administrator?

Thanks in advance to everybody.
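The setup this thread describes (a custom privilege level such as 13, central authentication, and a log of every command) looks roughly like the following on a switch running classic Cisco IOS. This is an added example, not configuration posted by anyone in the thread; the server address, key, user name and the commands moved to level 13 are constructed placeholders, and a 6509 running CatOS uses different syntax.

```cisco
! Added example. Assumes classic Cisco IOS (12.x) syntax.
! 192.0.2.10, the key and the user name are constructed placeholders.

! Enable the AAA framework and point the switch at the TACACS+ server.
aaa new-model
tacacs-server host 192.0.2.10 key <SHARED-KEY-PLACEHOLDER>

! Local fallback account, used only when the AAA server is unreachable.
username fallback-admin privilege 15 secret <LOCAL-SECRET-PLACEHOLDER>

! Authenticate logins against TACACS+ first, then the local database.
aaa authentication login default group tacacs+ local

! Let the server decide which privilege level each user's session gets.
aaa authorization exec default group tacacs+ local

! Per-command authorization for levels 13 and 15 (the TACACS+ feature
! mentioned in the thread).
aaa authorization commands 13 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local

! Accounting: record session start/stop and every command entered at
! levels 13 and 15, so each action is tied to a named user.
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 13 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

! Custom level 13: lower selected commands from level 15 so an
! operator role can run them without full administrator rights.
privilege exec level 13 clear counters
privilege exec level 13 show startup-config

! RADIUS variant (for example Microsoft IAS mapped to AD groups):
! the server returns the level in the Cisco AV-pair
!   shell:priv-lvl=13
! and "group radius" replaces "group tacacs+" in the lines above.
! RADIUS has no per-command authorization, so the two
! "aaa authorization commands" lines do not apply in that case.
```

Password ageing, length and history are enforced by the AAA server or the external directory behind it, not by these switch commands.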