The state of TACACS+

Michael Douglas Michael.Douglas at IEEE.org
Mon Dec 29 18:38:36 UTC 2014


If someone has physical access to a Cisco router they can initiate a
password recovery; tacacs vs local account doesn't matter at that point.

On Mon, Dec 29, 2014 at 12:28 PM, Colton Conor <colton.conor at gmail.com>
wrote:

> Glad to know you can make local access only work if TACAS+ isn't
> available. However, that still doesn't prevent the employee who know the
> local username and password to unplug the device from the network, and the
> use the local password to get in. Still better than our current setup of
> having one default username and password that everyone knows.
>
>
>



More information about the NANOG mailing list