Cisco Support Community

New Member

Locking down a switch

Here's the deal.

We have a switch that's outside the PIX. All internal switches are configured for tacacs+ using ACS 2.6 for NT. I need to lock down this switch although I'm unsure as to what would be the best method. Do I configure tacacs+ on the switch to authenticate through the PIX? Should I configure local AAA? Both?

What about telnetting into the box, or HTTP access for that matter? Wouldn't the logon credentials be sent over in clear text? I suppose I could set up a box to SSH into and then telnet from there...

Any ideas appreciated.

New Member

Re: Locking down a switch

Wouldn't it make good sense for the outside switch to be managed with an IP address in your management subnet? This will eliminate some of your concerns. SSH Server may or may not be available for your switch, but if it isn't, then that would give you much better security than TACACS.

New Member

Re: Locking down a switch

I'd just configure vlan1 to have an internal IP...

Should've really thought that one through...thanks.
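Putting the pieces of this thread together (TACACS+ with a local fallback, a VLAN 1 management address inside the internal management subnet, SSH instead of telnet and HTTP, and management access limited to that subnet), here is an added IOS configuration sketch that is not from the thread or from Cisco. It assumes an IOS-based switch with an SSH-capable image; the management subnet 10.10.100.0/24, the ACS server 10.10.100.5 and all keys and passwords are placeholders.

```cisco
! Added example, not from the thread. Placeholder values: management subnet
! 10.10.100.0/24, ACS/TACACS+ server 10.10.100.5, keys and secrets in <...>.
service password-encryption
service tcp-keepalives-in
hostname outside-sw
ip domain-name example.net
!
! Local fallback account, used only when the TACACS+ server is unreachable
enable secret <strong-enable-secret>
username admin privilege 15 secret <strong-local-password>
!
! "Both": TACACS+ first, local database only if the server does not answer
aaa new-model
tacacs-server host 10.10.100.5
tacacs-server key <shared-tacacs-key>
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! Management address on VLAN 1, inside the internal management subnet
interface Vlan1
 ip address 10.10.100.20 255.255.255.0
 no shutdown
ip default-gateway 10.10.100.1
!
! SSH in place of telnet; HTTP management turned off entirely
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
no ip http server
!
! Only hosts in the management subnet may reach the VTY lines, SSH only
access-list 10 permit 10.10.100.0 0.0.0.255
access-list 10 deny any log
line vty 0 15
 access-class 10 in
 transport input ssh
 exec-timeout 10 0
line con 0
 exec-timeout 10 0
```

The ports facing the outside network must be placed in a VLAN other than the management VLAN, otherwise the management subnet is extended onto the untrusted side of the PIX; `show ip ssh` and `show tacacs` confirm that SSH is enabled and the TACACS+ server is being reached.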