1.1.5 Set 'login authentication for 'line vty'

Information

Authenticates users who access the router or switch remotely through the VTY port.

Rationale:

Using AAA authentication for interactive management access to the device provides consistent, centralized control of your network. The default under AAA (local or network) is to require users to log in using a valid user name and password. This rule applies for both local and network AAA.

Impact:

Enabling Cisco AAA 'login authentication for line VTY' is significantly disruptive as former access methods are immediately disabled. Therefore, before enabling Cisco AAA 'login authentication for line VTY', the organization should plan and implement authentication logins and passwords, challenges and responses, and token technologies.

Solution

Configure management lines to require login using the default or a named AAA authentication list. This configuration must be set individually for all line types.

hostname(config)#line vty {line-number} [<em>ending-line-number]
hostname(config-line)#login authentication {default | aaa_list_name}

Default Value:

Login authentication is not enabled.

Uses the default set with aaa authentication login.

See Also

https://workbench.cisecurity.org/files/3801

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2(1), CSCv7|16.2

Plugin: Cisco

Control ID: cab323f2f92b96f244c1e0a3ac766399382471780c39a6812edde869cc32f55a