Friday, May 15, 2009

"aaa accounting system guarantee-first" Pt2

Just an update on the "aaa accounting system guarantee-first" issue. I submitted a PER and as it turned out, BU & developers decided to treat it like a bug and fix it. But not completely.

Having to choose between the following 2 solutions, they chose the easy one; the first.

1) "Console/Aux user should be permitted if authentication is not configured with any AAA Server Method (radius/tacacs)".

2) "Console/Aux/VTY access should be permitted if authentication is not configured with the same AAA method (radius/tacacs) as system accounting".

As you can see the 1st solution is applicable only to con/aux, while the 2nd is applicable to con/aux/vty.
Also the 1st solution mixes tacacs and radius, like they are used for the same type of access, something that is not true for the majority of services (Cisco knows that better that anyone else).

Cisco expects me to be satisfied from the PER result, but i'm not. They had a chance of fixing something completely, but they decided to just patch it temporarily.

1 comment:

 
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Greece License.