Jim appears to have advised:
> 1) Load at least 10.3, preferably 11.0 or 11.1.
> 2) Configure TACACS+.
And bear in mind that none of those releases are in General Deployment (GD),
which is, according to Cisco, "The software version which has achieved
a level of stability appropriate for general use in customers' networks".
Their official policy is that only GD releases are appropriate for critical
infrastructure use, although my experience is that their support engineers
routinely recommend higher releases until confronted with the official
policy. My position is that if it ain't stable enough for general use,
it ain't ready for use in access control. I know, I know, lots of folks
use FCS and LD releases without problems (that they know of), but if the
guys who own the source code won't put their deployment policy behind it,
due care principles prevent me from using it for security. My $.02.
BTW, according to Product Bulletin #367, 10.2(9) is still the highest GD.
W.C. Epperson "I have great faith in fools.
Senior SE Self-confidence, my friends call it."
Information Security Officer --Edgar Allan Poe--
Virginia Dept. of Education