Best TAC Services from Equipment Vendors

Lyden, John C lyden at rowan.edu
Tue Mar 12 14:44:27 UTC 2024


> when a TAC engineer wanted to bounce our Voice VLAN SVI in the middle of an *airport* production day. 
> I about turned over my desk trying to wrest the remote control session back from him before he hit enter 
> on the shut. Since then, I have had to go through a not insignificant evaluation period of TAC engineers 
> before I let them take control of a remote session, and it is now simply pure instinct to log SSH sessions.

Picture it, Cisco TAC, on a troubleshooting call, runs 'no ip routing' and hits enter before our engineer could scream "NO" at 11:30AM on a core L3 on a college campus.

RCA afterwards:

1. "Always log all terminals (we prefer SecureCRT) from Windows bastion host to OneDrive or Google Drive" 
2. New CiscoTAC TACACS login created allowing Enable but denying "configure" as a command. When you troubleshoot, you log in as CiscoTAC.

The CiscoTAC TACACS profile description in ClearPass makes it clear why it's there. I left the curse words out.

-J

John C. Lyden
Associate Director, Network Operations
Division of Information Resources & Technology
Rowan University 
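
One way to review logged sessions for attempts to enter configuration mode, combining RCA items 1 and 2 above (an added example, not part of the original post or of Rowan's tooling). It assumes plain-text transcripts with IOS-style `hostname#` prompts; the hostname, the sample transcript and the `conf` minimum abbreviation are assumptions.

```python
import re

# Privileged-exec or config-mode prompt followed by the typed command,
# e.g. "core-sw1#show ip route" or "core-sw1(config)#no ip routing".
PROMPT = re.compile(r"^(?P<host>[\w.-]+)(?P<mode>\([\w-]+\))?#\s*(?P<cmd>\S.*)$")

def is_configure(token, min_abbrev="conf"):
    """True if token is 'configure' or a prefix of it at least as long as
    min_abbrev (assumed here to be the shortest unambiguous abbreviation)."""
    token = token.lower()
    return len(token) >= len(min_abbrev) and "configure".startswith(token)

def audit_session(log_text):
    """Return findings as (line_no, kind, host, command) tuples.

    kind is 'configure-attempt' when the command typed at the exec prompt
    is (an abbreviation of) configure, and 'config-mode-command' when a
    command was typed at a (config...) prompt, meaning the deny did not hold.
    """
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = PROMPT.match(line.strip())
        if not m:
            continue  # device output, banners, blank lines
        cmd = m.group("cmd").strip()
        if m.group("mode"):
            findings.append((line_no, "config-mode-command", m.group("host"), cmd))
        elif is_configure(cmd.split()[0]):
            findings.append((line_no, "configure-attempt", m.group("host"), cmd))
    return findings

# Constructed sample transcript (hostname and device output are made up).
SAMPLE_LOG = """\
core-sw1#show ip route summary
IP routing table name is default (0x0)
core-sw1#conf t
Command authorization failed.
core-sw1#show running-config | include routing
core-sw1#configure terminal
Command authorization failed.
"""

if __name__ == "__main__":
    for finding in audit_session(SAMPLE_LOG):
        print(finding)
```

A `config-mode-command` finding in a CiscoTAC session means the command restriction was not in effect on that device and is worth checking first.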


