On Mon, 27 Oct 2003, Owen DeLong wrote:
That all looks pretty good to me. I would add one thing, however, and that is a recommendation (not requirement) for the console to have some form of fall-back authentication that does not require functioning IP or depend on external servers. something like this:
n.n.n Non-IP Console Supports Independent Authentication
Requirement: The Non-IP console interface SHOULD support an authentication
I'd say s/SHOULD/MUST/ otherwise you get into chicken-egg scenarios.
Imagine how ridiculous it would be to try to configure IP on a cisco router, but not being able to get into the serial console because it required IP to be working before you could configure IP.
Excellent point, however, simply substituting MUST at that point will not solve that problem. Perhaps verbage to the effect that
"NON-IP console authentication MUST -not- be dependant upon IP configuration to function" would come closer to that goal.
-Dan