Thursday, November 4, 2021

Recommendations for TACACS+ server?

I nearly titled this "Sell me on a TACACS+ server or alternative".

I've been aware of TACACS forever but I've never had a need to set it up. But recently my manager and I have been discussing wanting to:

1) Log every command entered on our Cisco gear by whom - this has arisen from a couple times when a device has mysteriously restarted, and the 'sh ver' output says it was rebooted by reload command, but nobody will own up to doing it.

2) Give us the ability to assign each employee their own login - ideally, to use their AD credentials - instead of having to share one or two logins.

I believe this is exactly what AAA & a TACACS+ server will give me. Feel free to correct me if I'm wrong.

I've been browsing around a bit today and right now I'm not sure what direction to go.

We're a mostly Windows shop, so a Linux solution is not preferred (but possible, if there's strong justification). I've also seen cloud-based solutions; I wouldn't be opposed to that if folks here can endorse them.

We're not necessarily looking for a free one (I think tacacs.net is free, with some limitations?) but obviously want something reasonably priced.

The question of what will happen if the server goes down will inevitably be asked, so any tips on setting up a backup at another site or experience with cloud solutions would be great.

Any help greatly appreciated - thanks in advance.


