Thursday, August 29, 2019

How does your org maintain the local user db on routers/switches when using RADIUS for auth?

I'm a network analyst at a small-ish telco co-op. We've recently grown to the point that we're looking at using RADIUS for authentication management. RADIUS itself is easy enough to implement - we already use it for wireless authentication in the office, but a question my manager and I were pondering is maintaining the local database. Obviously everyone will no longer have a local login - that would defeat the point of RADIUS. It seems like there should probably be one local account, but then who knows it? Should the network analysts/engineers know it in case there's an emergency and the RADIUS server can't be contacted? Should it be restricted to the managers on the network team? Just interested in hearing what other orgs have done.


