We have multiple sites but we now have the added risk of multiple admins on our routers and switches.
What we would like to do is have a master local password & enable password (encrypted of course) on each device which would only ever be used in dire emergencies and hopefully never. Basically, it would be tucked away.
We would then like to use TACACS via Active Directory for day-to-day logging on and configuration so that we can easily add and remove users remotely. We have this running at the moment. Obviously, when the TACACS users log on, they will see the encrypted privilege 15 secret, which I know is not too hard to decrypt with various tools if you are determined.
But what we would like to try and do, is prevent those users doing a write erase or adding/removing the local users. Basically to stop us being locked out of the device.
Can this be done using a lesser privilege level and if so how?
Thank you. Looking at the line below, I guess I will try level 14 to see what that yields and then take it from there. Very good and simple article.
User poweruser is able to Telnet in and execute the show run command. This user is at level 15, and is able to see all commands. All commands are at or below level 15; users at this level can also view and control usernames and passwords.