1.1.2 Enable 'aaa authentication login'

Information

Sets authentication, authorization and accounting (AAA) authentication at login.

Rationale:

Using AAA authentication for interactive management access to the device provides consistent, centralized control of your network. The default under AAA (local or network) is to require users to log in using a valid user name and password. This rule applies for both local and network AAA. Fallback mode should also be enabled to allow emergency access to the router or switch in the event that the AAA server was unreachable, by utilizing the LOCAL keyword after the AAA server-tag.

Impact:

Implementing Cisco AAA is significantly disruptive as former access methods are immediately disabled. Therefore, before implementing Cisco AAA, the organization should carefully review and plan their authentication methods such as logins and passwords, challenges and responses, and which token technologies will be used.

Solution

Configure AAA authentication method(s) for login authentication.

hostname(config)#aaa authentication login {default | aaa_list_name} [passwd-expiry]
[method1] [method2]


Default Value:

AAA authentication at login is disabled.

See Also

https://workbench.cisecurity.org/files/3801

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2(1), CSCv7|16.2

Plugin: Cisco

Control ID: 72279b62e117aac75266b059ed9f2eb7134e409879b44ee9a0c4b444a6b3ebd4