Paul,

AAA is what I do, so I would recommend that.  Unless you've got a small
handful of routers and the configs rarely change, AAA makes your life
much easier.

TACACS+ would have let you get much more specific on what commands the
outside company could run - command authorization.

If you have any UNIX systems, you can get the freeware TACACS+ server
from Cisco and compile that.  If you have Debian or RedHat Linux, I know
for sure that it's available as a binary package right on the CD.

http://www.cisco.com/warp/public/480/tacplus.shtml

Thanks,
Shawn

Paul wrote:
> 
> Hi ...
> 
> I am just about to change all the router/switch passwords in my company
> (about 40) ... I have only been there several weeks and I have only worked
> in a very small routing/switching environment before ....
> 
> I have had to give access to an outside company so they can monitor certain
> WAN links they have set up ... I have set up privilege level 7 for these guys
> with a relevant line vty username and password .... and priv level 15 for
> me ....
> 
> All the routers and switches currently have different passwords .... because
> I have very little experience in this field .. I was wondering what the norm
> would be ??? and what you guys yourselves have done in situations like this
> ....  or is there another way I could do this ??? Oh yes ... and I don't
> have any TACACS or Radius servers or the such for remote authentication .....




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=46284&t=46246
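
Added example, not part of the original thread or of Cisco's documentation: a configuration sketch for the freeware TACACS+ daemon showing the per-command authorization the reply mentions, with the outside company held at privilege level 7. The server address, shared secret, group names, user names, permitted commands and password hashes are constructed placeholders.

```conf
# tac_plus.conf sketch for the freeware TACACS+ daemon (constructed example).
# All names, addresses and secrets below are placeholders, not from the thread.
#
# Router side (Cisco IOS), shown as comments because it is a different syntax:
#   aaa new-model
#   tacacs-server host 192.0.2.10 key <shared-secret>
#   aaa authentication login default group tacacs+ local
#   aaa authorization exec default group tacacs+ local
#   aaa authorization commands 1 default group tacacs+ local
#   aaa authorization commands 7 default group tacacs+ local
#   aaa authorization commands 15 default group tacacs+ local
#   aaa accounting commands 15 default start-stop group tacacs+
# The trailing "local" keeps a local account usable if the server is unreachable.

key = "<shared-secret>"
accounting file = /var/log/tac_plus.acct

# Outside company: lands at privilege level 7 and may run only what is listed.
# Anything not matched by a cmd block is denied (the daemon's default).
group = wanmon {
    service = exec {
        priv-lvl = 7
    }
    cmd = show {
        permit "^interface"
        permit "^ip interface brief"
        deny .*
    }
    cmd = ping {
        permit .*
    }
}

# In-house administrators: full access, every command still sent to accounting.
group = netadmin {
    default service = permit
    service = exec {
        priv-lvl = 15
    }
}

user = vendor1 {
    member = wanmon
    login = des <crypt-hash-placeholder>
}

user = paul {
    member = netadmin
    login = des <crypt-hash-placeholder>
}
```

Keep one local privilege 15 account on each device so the `local` fallback has something to authenticate against when the server cannot be reached.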