password changes in enterprise?

itdaddy

Hey was wondering say I have an enterprise system of routers, switches and ASA firewall
how does someone change the EXEC mode and user mode passwords on all the switches?
you would think that cisco had domain management does it?


I have not read this any where is it possible to change exec password in one spot and change on all systems? (R and S)

networker050184

Use a Radius or TACACS server. Your only other option that I know of is to change the local database on all the devices.

itdaddy

networker050184

You know is that what people do; cause it doesn't seem right that is alot of work to
change on each device manually...I am familar with RADIUS and TACACs some what

I guess I can google it ...so a both of these authentication technologies will work ithe 100s of cisco devices huh? I am just learning this might be leaving my humble beginning to go to enterprise ;yeah! thank you

astorrs

CatTools2 can do it to, but I agree with networker050184, implement AAA using RADIUS or TACACS+ and get some auditing while you're at it.

Luckycharms

Most effective way is to LEARN VB.NET!!!! ( simply because there might be some simple way to do it in lets say Cisco Works but in the future you might need to do something on a mass scale kinda like this but there might not be a product out there that does it... With learning a language you will be able to create something that can do what you want... ie a simple login/password changer)


But if you have the money there are plenty of enterprise script editors out there can do exactly what you want.

I know that is probably not the answer you wanted... But in the long run it will make your life a lot easier...

or go with an AAA / Radius setup..

GT-Rob

There are tools out there that you can make mass changes (we change the local password on 5000 devices each month).


Every enterprise will use TACACS+ or some equivalent though.

mikearama

you can do it via CiscoWorks (LMS). I can create a job that'll run when I like, and change any/all passwords (among other things) on any/all cisco devices in the network.

If you look into LMS, research the Resource Manager Essentials tool, where the NetConfig option exists. NetConfig allows the modification of any parameter on any device that has been added. Really sweet tool.

Edit: Should have mentioned... once the job is created, it is saved, and can be re-run. We only have 160 cisco devices (only!), which I would hate to have to do manually every month (ouch, GT). This makes it a snap.

shednik

mikearama wrote:

you can do it via CiscoWorks (LMS). I can create a job that'll run when I like, and change any/all passwords (among other things) on any/all cisco devices in the network.

If you look into LMS, research the Resource Manager Essentials tool, where the NetConfig option exists. NetConfig allows the modification of any parameter on any device that has been added. Really sweet tool.

Edit: Should have mentioned... once the job is created, it is saved, and can be re-run. We only have 160 cisco devices (only!), which I would hate to have to do manually every month (ouch, GT). This makes it a snap.

We do the same we have 170 sites alone, some of which are massive with 17 buildings or more in North America and our tacacs servers went off lease last month...cisco works made it a breeze

itdaddy

you guys are freaking awesome; what would I do without you all! man I am blessed

thanks so much for your help! fantastic. I appreciate you help and friendship.
dudes you guys rock!

toys toys toys so little time to play!