Hello, Matt! You wrote on Fri, 03 Feb 2006 11:00:09 -0500:
MW> Maybe we can just start a discussion here instead... since I've MW> very new to AAA, here's the setup I had in mind -
MW> 1.) Disable authentication on the console port.
Don't disable. Use local account.
MW> 2.) Create one local user on each device in case the RADIUS MW> services go down.
Yep. It's also useful for #1 above. Use secret command so password couldn't be easily decoded.
MW> 3.) Enable SSH on as many devices as possible.
Yep. And disable normal telnet access.
MW> Does this seem like a reasonable configuration?
Also tacacs accounting is very helpful to find out who did what when.
With best regards, Andrey.