19 | P a g e
1.1.5 Set 'login authentication for 'line tty' (Scored)
Profile Applicability:
Level 1
Description:
Authenticates users who access the router or switch using the TTY port.
Rationale:
Using AAA authentication for interactive management access to the device provides
consistent, centralized control of your network. The default under AAA (local or network)
is to require users to log in using a valid user name and password. This rule applies for
both local and network AAA.
Audit:
Perform the following to determine if AAA authentication for line login is enabled:
If the command does not return a result for each management access method, the feature is
not enabled
hostname#sh run | sec line | incl login authentication
Remediation:
Configure management lines to require login using the default or a named AAA
authentication list. This configuration must be set individually for all line types.
hostname(config)#line tty {line-number} [ending-line-number]
hostname(config-line)#login authentication {default | aaa_list_name}
Impact:
Enabling Cisco AAA 'login authentication for line TTY' is significantly disruptive as former
access methods are immediately disabled. Therefore, before enabling Cisco AAA 'login
authentication for line TTY', the organization should plan and implement authentication
logins and passwords, challenges and responses, and token technologies.
Default Value:
Login authentication is not enabled.
Uses the default set with aaa authentication login.
我的内容管理
展开
