We are and End User and itt would be good to get TACAS+ authentication and accounting in cnWave device and maybe others so besides the admin account if someone needed to work on a device directly, the admin password is not widely needing to be used or changed regularly. We use ClearPass as our source and it makes it easier to allow a user that already has elevated creds access and to control that access if they leave the company.
Hello Ralph,
Is there much of a need for technicians to access the cnWave device, with each device being controlled by an E2E controller and cnMeastro I would assume that the majority of access will be done this way?
You generally can’t use an authentication server if the device isn’t working or connected to the network, meaning you’ll have to access the device using a local username/password regardless; unless it’s online, which means it can be accessed using cnMeastro.
cnMeastro has RADIUS and TACAS+ authentication - but I’m assuming you’ve already gotten this working.
The way we are using these devices it to extend the network where fiber is not possible and we have switching at either side. We are following the CIS model for Security protocols and since these devices will be on the management network vLAN we need to keep them secure. so we implemented the wireless security but the thought, would be someone locally compromising the network and getting access to it. Our security Policy also states that each network device has to have its own Admin password which we keep in LastPass, so while configuration will be done via cnMaestro, having that next layer of security so the admin password does not have to be given if we need to interface with a device directly is preferred and people leave the company.