1.1.3 Enable 'aaa authentication enable default'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Authenticates users who access privileged EXEC mode when they use the enable command.

Rationale:

Using AAA authentication for interactive management access to the device provides consistent, centralized control of your network. The default under AAA (local or network) is to require users to log in using a valid user name and password. This rule applies for both local and network AAA.

Impact:

Enabling Cisco AAA 'authentication enable' mode is significantly disruptive as former access methods are immediately disabled. Therefore, before enabling 'aaa authentication enable default' mode, the organization should plan and implement authentication logins and passwords, challenges and responses, and token technologies.

Solution

Configure AAA authentication method(s) for enable authentication.

hostname(config)#aaa authentication enable default {method1} enable

Default Value:

By default, fallback to the local database is disabled.

See Also

https://workbench.cisecurity.org/files/3156