There are several ways to validate that all of your routers are configured for TACACS access. Without knowing what brand of router(s) you have on your network, I will have to be generic regarding possible solutions.
Vendor-Specific Element Management Systems
Almost all router companies provide some type of configuration management software. Oftentimes, they will allow you to search through the configuration files to see what is configured on each router. This is becoming more and more common as QoS becomes more prevalent in the marketplace, and users need to validate QoS configuration end-to-end.
Configuration Management Systems
If you have a multi-vendor network or your vendor doesn't support detailed configuration management capabilities, there are companies that sell applications specifically for handling change management. Their main value is to track configuration changes across your infrastructure. A side value is the ability to validate which configuration files have various features turned on.
Modeling Applications
There are a couple of modeling applications that support multi-vendor environments (OPNET for one) that will read in your configuration files and display a model of your network, based on the current configuration of your routers. In addition, they will validate that routers have been configured to meet expectations.
Brute Force (Text Search)
Many routers have configuration files that are text-based, and the files can easily be searched for specific data strings. For example, if the command for configuring TACACS starts with "set TACACS…," you could search the various configuration files for this string. All routers without this string would not have TACACS configured. If there is a lengthier string (perhaps including the address of the TACACS server) that is consistent across the routers, this may help you isolate misconfigured routers as well. All this assumes you can gain access to all of the current configuration files on your routers. If you have access to a UNIX system, you can use the grep command against all the configuration files to get a quick list of router configurations with the string you are looking for.
Hope this helps steer you in the right direction.
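The text search described under Brute Force, sketched as an added example that is not part of the original answer. "set TACACS" is the answer's hypothetical command prefix; the `.cfg` file naming, the server address 192.0.2.10 and the sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Audit a directory of saved router configs (one file per router, *.cfg assumed).

# Routers with no TACACS line at all: files that do not contain string $2.
# grep -L prints names of files without a match; -F treats $2 as a fixed string.
missing_string() {
    grep -L -F -- "$2" "$1"/*.cfg 2>/dev/null | sort
}

# Routers that have a TACACS line ($2) but not the exact expected line ($3).
# Lines are trimmed and compared whole (-x) so that 192.0.2.10 does not
# silently match 192.0.2.100, and indentation or CR line endings do not matter.
wrong_server() {
    for f in "$1"/*.cfg; do
        [ -f "$f" ] || continue
        if grep -q -F -- "$2" "$f" &&
           ! sed 's/^[[:space:]]*//; s/[[:space:]]*$//' "$f" | grep -q -x -F -- "$3"
        then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed sample data: r1 is correct, r2 has no TACACS, r3 points elsewhere.
make_sample_configs() {
    d=$(mktemp -d) || return 1
    printf 'hostname r1\n  set TACACS server 192.0.2.10\n' > "$d/r1.cfg"
    printf 'hostname r2\nset snmp location lab\n'          > "$d/r2.cfg"
    printf 'hostname r3\nset TACACS server 192.0.2.100\n'  > "$d/r3.cfg"
    printf '%s\n' "$d"
}

# Demo run over the constructed configs.
cfgdir=$(make_sample_configs)
echo "No TACACS configured:"
missing_string "$cfgdir" "set TACACS"
echo "TACACS configured, unexpected server:"
wrong_server "$cfgdir" "set TACACS" "set TACACS server 192.0.2.10"
rm -rf "$cfgdir"
```

Point the two functions at the directory holding your routers' current configuration files and replace the strings with your vendor's actual syntax.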