Information
If account management functions are not automatically enforced, an attacker could gain privileged access to a vital element of the network security architecture
Using AAA authentication for interactive management access to the device provides consistent, centralized control of your network. The default under AAA (local or network) is to require users to log in using a valid user name and password. This rule applies for both local and network AAA.
Solution
Configure management lines to require login using the default or a named AAA authentication list. This configuration must be set individually for all line types.
hostname#(config)ip http secure-server
hostname#(config)ip http authentication {default | _aaa\_list\_name_}
Impact:
Enabling Cisco AAA 'line login' is significantly disruptive as former access methods are immediately disabled. Therefore, before enabling Cisco AAA 'line login', the organization should plan and implement authentication logins and passwords, challenges and responses, and token technologies.