Ensure 'TACACS+/RADIUS' is configured correctly - protocol

Information

Specifies the AAA server-group and each individual server using the TACACS+ or RADIUS protocol

Rationale:

Authentication, authorization and accounting (AAA) scheme provide an authoritative source for managing and monitoring access for devices. Many protocols are supported for the communication between the systems and the AAA servers: http-form, kerberos, ldap, nt, radius, sdi, tacacs+.

Solution

* Step 1: Acquire the enterprise standard protocol (protocol_name) for authentication (TACACS+ or RADIUS)
* Step 2: Run the following to configure the AAA server-group for the required protocol

hostname(config)#aaa-server _<server-group_name_> protocol _<protocol_name> _

* Step 3: Run the following to configure the AAA server:

hostname(config)#aaa-server _<server-group_name>_ (_<interface_name>_) host _<aaa-server_ip>_ _<shared_key>_

_server-group_name: _the above server-group configured

_interface_name: _the network interface from which the AAA server will be accessed

_aaa-server_ip: _the IP address of the AAA server

_shared_key: _the TACACS+ or RADIUS shared key

or

Use Firepower Device Manager:

Use Objects > Identity Realm.

See Also

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/hardening/ftd/FTD_Hardening_Guide_v64.html

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3

Plugin: Cisco_Firepower

Control ID: d02b62dc17914395e0ce0bc762183c7e47f3c7968702b041675962c205046418