Ensure 'TACACS+/RADIUS' is configured correctly - protocol

Information

Specifies the AAA server-group and each individual server using the TACACS+ or RADIUS protocol

Rationale:

Authentication, authorization and accounting (AAA) scheme provide an authoritative source for managing and monitoring access for devices. Many protocols are supported for the communication between the systems and the AAA servers: http-form, kerberos, ldap, nt, radius, sdi, tacacs+.

Solution

* Step 1: Acquire the enterprise standard protocol (protocol_name) for authentication (TACACS+ or RADIUS)
* Step 2: Run the following to configure the AAA server-group for the required protocol

hostname(config)#aaa-server _<server-group_name_> protocol _<protocol_name> _

* Step 3: Run the following to configure the AAA server:

hostname(config)#aaa-server _<server-group_name>_ (_<interface_name>_) host _<aaa-server_ip>_ _<shared_key>_

_server-group_name: _the above server-group configured

_interface_name: _the network interface from which the AAA server will be accessed

_aaa-server_ip: _the IP address of the AAA server

_shared_key: _the TACACS+ or RADIUS shared key

or

Use Firepower Device Manager:

Use Objects > Identity Realm.

See Also

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623.html

Item Details

Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION

References: 800-53|AC-3, 800-53|AU-2, 800-53|IA-2

Plugin: Cisco

Control ID: b88662a6b175465348b2fa7e217848f4e615ebdae999f832dd771741e3c150ba