1.4.3.6 Ensure 'aaa authentication telnet console' is configured correctly

Information

Authenticates users who access the security appliance using Telnet.

Rationale:

Using AAA authentication for interactive management access to the device provides consistent, centralized control of your network. The default under AAA (local or network) is to require users to log in using a valid user name and password. This rule applies for both local and network AAA. Fallback mode should also be enabled to allow emergency access to the firewall in the event that the AAA server was unreachable, by utilizing the LOCAL keyword after the AAA server-tag.

Solution

Configure the aaa authentication Telnet using the TACACS+ server-group as primary method and the local database as backup method.

hostname(config)#aaa authentication telnet console <server-group_name> local

Default Value:

The aaa authentication telnet console is disabled by default.

See Also

https://workbench.cisecurity.org/files/3246

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2(9), CSCv7|4.3

Plugin: Cisco

Control ID: 2d34c5e52b65eab7c472b5645ef6805af30e6cc3257aecce34850fc144f6fbd1