The A10 Networks ADC must employ centrally managed authentication server(s).
An XCCDF Rule
Description
<VulnDiscussion>The use of authentication servers or other centralized management servers for providing centralized authentication services is required for network device management. Maintaining local administrator accounts for daily usage on each network device without centralized management is not scalable or feasible. Without centralized management, it is likely that credentials for some network devices will be forgotten, leading to delays in administration, which itself leads to delays in remediating production problems and in addressing compromises in a timely fashion. You can configure the device to use remote servers for Authentication, Authorization, and Accounting (AAA) for administrative sessions. The device supports RADIUS, TACACS+, and LDAP servers.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-82593r1_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Since the device supports RADIUS, TACACS+, and LDAP, one of these must be configured. The following is a sample configuration for TACACS+.
The following command sets the authentication method to TACACS+ for administrative access to the device:
authentication type tacplus
The local database (local option) must be included as one of the authentication sources, regardless of the order in which the sources are used. Authentication using only a remote server is not supported.