The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings.
An XCCDF Rule
Description
<VulnDiscussion>The use of authentication servers or other centralized management servers for providing centralized authentication services is required for network device management. Maintaining local administrator accounts for daily usage on each network device without centralized management is not scalable or feasible. Without centralized management, it is likely that credentials for some network devices will be forgotten, leading to delays in administration, which itself leads to delays in remediating production problems and in addressing compromises in a timely fashion.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-75343r2_rule
- Severity
- High
- References
- Updated
Remediation - Manual Procedure
Configure AAA services via a remote AAA server for all nonlocal accounts.
Configuration:
aaa group server [radius/tacacs] [name]
[radius/tacacs]-server host [IP Address] vrf [name] key [key]
aaa authentication login default group [group name] [radius/tacacs] [local]