1.1.6 Set 'login authentication for 'ip http' - http authentication


If account management functions are not automatically enforced, an attacker could gain privileged access to a vital element of the network security architecture


Using AAA authentication for interactive management access to the device provides consistent, centralized control of your network. The default under AAA (local or network) is to require users to log in using a valid user name and password. This rule applies for both local and network AAA.


Enabling Cisco AAA 'line login' is significantly disruptive as former access methods are immediately disabled. Therefore, before enabling Cisco AAA 'line login', the organization should plan and implement authentication logins and passwords, challenges and responses, and token technologies.


Configure management lines to require login using the default or a named AAA authentication list. This configuration must be set individually for all line types.

hostname#(config)ip http secure-server
hostname#(config)ip http authentication {default | _aaa\_list\_name_}

Default Value:

Login authentication is not enabled.

Uses the default set with aaa authentication login.

See Also


Item Details


References: 800-53|AC-2(1), CSCv7|16.2

Plugin: Cisco

Control ID: 6982beb4648a80c85c482d3634c6374ebb7b4fd27f381cd55a7b0c1858974ae7