Details
Specifies the AAA server-group and each individual server using the TACACS+ or RADIUS protocol
Rationale:
Authentication, authorization and accounting (AAA) schemes provide an authoritative source for managing and monitoring access for devices. Many protocols are supported for the communication between the systems and the AAA servers: http-form, kerberos, ldap, nt, radius, sdi, tacacs+.
Solution
Step 1: Acquire the enterprise standard protocol (protocol_name) for authentication (TACACS+ or RADIUS)
Step 2: Run the following to configure the AAA server-group for the required protocol
hostname(config)#aaa-server <server-group_name> protocol <protocol_name>
Step 3: Run the following to configure the AAA server:
hostname(config)#aaa-server <server-group_name> (<interface_name>) host <aaa-server_ip> <shared_key>
server-group_name: the above server-group configured
interface_name: the network interface from which the AAA server will be accessed
aaa-server_ip: the IP address of the AAA server
shared_key: the TACACS+ or RADIUS shared key
Default Value: The AAA server configuration is by default disabled
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system Cisco.
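One way to check the outcome of Steps 2 and 3 offline, as an added example that is not part of the original benchmark text: the Python below audits saved aaa-server configuration lines. The sample configuration, the group names, and the pass rule (a TACACS+ or RADIUS group with at least one host, every host having a key) are assumptions made for illustration.

```python
import re
# Constructed sample in the style of ASA running-config output (not from the page).
SAMPLE_CONFIG = """\
aaa-server CORP-TACACS protocol tacacs+
aaa-server CORP-TACACS (inside) host 192.0.2.10
 key *****
aaa-server LEGACY-LDAP protocol ldap
aaa-server LEGACY-LDAP (inside) host 192.0.2.20
aaa-server EMPTY-RADIUS protocol radius
aaa-server NOKEY-RADIUS protocol radius
aaa-server NOKEY-RADIUS (mgmt) host 192.0.2.30
 timeout 5
"""

ALLOWED = {"tacacs+", "radius"}
GROUP_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)\s*$")
HOST_RE = re.compile(r"^aaa-server (\S+) \((\S+)\) host (\S+)(?: (\S+))?")

def audit_aaa(config):
    """Return (passing_groups, findings) for the aaa-server lines in config."""
    groups, hosts, current = {}, [], None
    for line in config.splitlines():
        if m := GROUP_RE.match(line):
            groups[m.group(1)], current = m.group(2).lower(), None
        elif m := HOST_RE.match(line):
            # The key may follow the IP on the host line (Step 3) or be a sub-command.
            inline_key = m.group(4) not in (None, "timeout")
            current = {"group": m.group(1), "ip": m.group(3), "key": inline_key}
            hosts.append(current)
        elif line.startswith(" ") and current is not None:
            current["key"] |= line.split()[:1] == ["key"]
        else:
            current = None
    passing, findings = [], []
    for name, proto in groups.items():
        members = [h for h in hosts if h["group"] == name]
        unkeyed = [h["ip"] for h in members if not h["key"]]
        if proto not in ALLOWED:
            findings.append(f"{name}: protocol {proto} is not TACACS+ or RADIUS")
        elif not members:
            findings.append(f"{name}: no server host configured")
        elif unkeyed:
            findings.append(f"{name}: no shared key for {', '.join(unkeyed)}")
        else:
            passing.append(name)
    return passing, findings

if __name__ == "__main__":
    print(audit_aaa(SAMPLE_CONFIG))
```

The control passes when the first returned list is non-empty; the findings list names each group that still needs attention.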