From: Peter Mello (mello@xxxxxxxxxx)
Date: Thu Aug 29 2002 - 11:59:15 GMT-3
Depending on how many remote locations you have, you can either use TACACS
or just define a username, password and privilege level and have the VTY and
console use local authentication.

Set the privilege level for the user to something other than 15 when they
authenticate and you can define levels of access, i.e. group 2 can
do pings and group 12 can look at (but not change) the configs.

! Local users, each with its own privilege level
username bart privilege 2 password simpson1
username homer privilege 12 password simpson2
username marge privilege 15 password simpson3
!
! Commands reassigned to levels 2 and 12
privilege exec level 2 ping
privilege exec level 12 show startup-config
!
line vty 0 4
 exec-timeout 30 0
 logging synchronous
 login local
!

To disable the dictionary attack on your enable password, make it a
combination of letters and numbers or symbols.

-----Original Message-----
From: Wright, Jeremy [mailto:JA_WRIGHT@admworld.com]
Sent: Wednesday, August 28, 2002 9:42 AM
To: 'security@groupstudy.com'
Cc: 'ccielab@groupstudy.com'
Subject: Read Only Access For Telnet
I have a remote location that is needing read only access to my router. I
know you can decrypt the encrypted password in the show run and I want to
eliminate the possibility of them doing that. What is the best way to
accomplish this?
************************
Jeremy Wright
Network Analyst
Archer Daniels Midland
ja_wright@admworld.com
(217)451-4063
************************
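
Added example, not part of the original thread: a short Python audit of the configuration posted in the reply. It lists which reassigned commands each local user can reach (a user at level N gets every command moved to level N or below) and flags username lines that use the `password` keyword or carry privilege 15; SAMPLE_CONFIG is constructed from the message and the function names are this example's own.

```python
import re

# Constructed sample: the configuration from the reply, with full keywords.
SAMPLE_CONFIG = """\
username bart privilege 2 password simpson1
username homer privilege 12 password simpson2
username marge privilege 15 password simpson3
privilege exec level 2 ping
privilege exec level 12 show startup-config
line vty 0 4
 login local
"""

USER_RE = re.compile(r"^user(?:name)?\s+(\S+)\s*(.*)$", re.I)
PRIV_RE = re.compile(r"^privilege\s+exec\s+level\s+(\d+)\s+(.+)$", re.I)


def parse_user(options):
    """Return (privilege level, credential keyword) from a username line."""
    level, storage = 1, None  # IOS default level is 1 when none is given
    tokens = options.split()
    for i, tok in enumerate(tokens):
        low = tok.lower()
        if low == "privilege" and i + 1 < len(tokens) and tokens[i + 1].isdigit():
            level = int(tokens[i + 1])
        elif low.startswith("pass") or low.startswith("sec"):
            storage = "password" if low.startswith("pass") else "secret"
            break  # everything after this keyword is the credential itself
    return level, storage


def audit(config):
    """Map each local user to the reassigned commands it can run, plus findings."""
    users, moved, findings = {}, [], []
    for line in (l.strip() for l in config.splitlines()):
        if m := USER_RE.match(line):
            level, storage = parse_user(m.group(2))
            users[m.group(1)] = level
            if storage == "password":
                findings.append(f"{m.group(1)}: 'password' is clear or reversible")
            if level == 15:
                findings.append(f"{m.group(1)}: privilege 15 is full access")
        elif m := PRIV_RE.match(line):
            moved.append((int(m.group(1)), m.group(2)))
    # A user at level N can run every command assigned to a level <= N.
    access = {u: sorted(c for lvl, c in moved if lvl <= n) for u, n in users.items()}
    return access, findings
```

Calling `audit(SAMPLE_CONFIG)` returns the per-user command map and the list of findings; abbreviated keywords such as `User` and `pass`, as typed in the message, are accepted as well.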