password changes in enterprise?

itdaddyitdaddy Member Posts: 2,089 ■■■■□□□□□□
Hey was wondering say I have an enterprise system of routers, switches and ASA firewall
how does someone change the EXEC mode and user mode passwords on all the switches?
you would think that cisco had domain management does it?


I have not read this any where is it possible to change exec password in one spot and change on all systems? (R and S)

Comments

  • networker050184networker050184 Mod Posts: 11,962 Mod
    Use a Radius or TACACS server. Your only other option that I know of is to change the local database on all the devices.
    An expert is a man who has made all the mistakes which can be made.
  • itdaddyitdaddy Member Posts: 2,089 ■■■■□□□□□□
    networker050184

    You know is that what people do; cause it doesn't seem right that is alot of work to
    change on each device manually...I am familar with RADIUS and TACACs some what

    I guess I can google it ...so a both of these authentication technologies will work ithe 100s of cisco devices huh? I am just learning this might be leaving my humble beginning to go to enterprise ;yeah! thank you
    :D
  • astorrsastorrs Member Posts: 3,139 ■■■■■■□□□□
    CatTools2 can do it to, but I agree with networker050184, implement AAA using RADIUS or TACACS+ and get some auditing while you're at it.
  • LuckycharmsLuckycharms Member Posts: 267
    Most effective way is to LEARN VB.NET!!!! ( simply because there might be some simple way to do it in lets say Cisco Works but in the future you might need to do something on a mass scale kinda like this but there might not be a product out there that does it... With learning a language you will be able to create something that can do what you want... ie a simple login/password changer)


    But if you have the money there are plenty of enterprise script editors out there can do exactly what you want.

    I know that is probably not the answer you wanted... But in the long run it will make your life a lot easier...

    or go with an AAA / Radius setup..
    The quality of a book is never equated to the number of words it contains. -- And neither should be a man by the number of certifications or degree's he has earned.
  • GT-RobGT-Rob Member Posts: 1,090
    There are tools out there that you can make mass changes (we change the local password on 5000 devices each month).


    Every enterprise will use TACACS+ or some equivalent though.
  • mikearamamikearama Member Posts: 749
    you can do it via CiscoWorks (LMS). I can create a job that'll run when I like, and change any/all passwords (among other things) on any/all cisco devices in the network.

    If you look into LMS, research the Resource Manager Essentials tool, where the NetConfig option exists. NetConfig allows the modification of any parameter on any device that has been added. Really sweet tool.

    Edit: Should have mentioned... once the job is created, it is saved, and can be re-run. We only have 160 cisco devices (only!), which I would hate to have to do manually every month (ouch, GT). This makes it a snap.
    There are only 10 kinds of people... those who understand binary, and those that don't.

    CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110

    Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
  • shednikshednik Member Posts: 2,005
    mikearama wrote:
    you can do it via CiscoWorks (LMS). I can create a job that'll run when I like, and change any/all passwords (among other things) on any/all cisco devices in the network.

    If you look into LMS, research the Resource Manager Essentials tool, where the NetConfig option exists. NetConfig allows the modification of any parameter on any device that has been added. Really sweet tool.

    Edit: Should have mentioned... once the job is created, it is saved, and can be re-run. We only have 160 cisco devices (only!), which I would hate to have to do manually every month (ouch, GT). This makes it a snap.

    We do the same we have 170 sites alone, some of which are massive with 17 buildings or more in North America and our tacacs servers went off lease last month...cisco works made it a breeze :D
  • itdaddyitdaddy Member Posts: 2,089 ■■■■□□□□□□
    you guys are freaking awesome; what would I do without you all! man I am blessed

    thanks so much for your help! fantastic. I appreciate you help and friendship.
    dudes you guys rock!

    toys toys toys so little time to play! :)
Sign In or Register to comment.