The HP FlexFabric Switch must have a local account that will only be used as an account of last resort with full access to the network device.

An XCCDF Rule

Details
Profiles

Description

In the event the network device loses connectivity to the management network authentication service, only a local account can gain access to the switch to perform configuration and maintenance. Without this capability, the network device is inaccessible to administrators.

ID: SV-80785r1_rule
Version: HFFS-ND-000140
Severity: High
References: CCI-000366
Updated: 14 days ago

Remediation Templates

Configure the switch with a local user account that has network-admin and network-operator role.
[5900]local-user adminxxx
[5900-luser-manage-adminxxx]authorization-attribute  user-role network-admin   (or level=15)
[5900-luser-manage-adminxxx]authorization-attribute  user-role network-operator
[5900-luser-manage-adminxxx]service-type terminal
[5900-luser-manage-adminxxx]password hash xxxxxxxxxxxxxx

The HP FlexFabric Switch must have a local account that will only be used as an account of last resort with full access to the network device.

Description

Remediation Templates

A Manual Procedure