Vulnerability V-215854

Review the Cisco router configuration to verify the device is configured to use at least two authentication servers as primary source for authentication as shown in the following example: aaa new-model ! aaa authentication CONSOLE group radius local aaa authentication login LOGIN_AUTHENTICATION group radius local … … … ip http authentication aaa login-authentication LOGIN_AUTHENTICATION ip http secure-server … … … radius-server host x.x.x.x auth-port 1812 acct-port 1813 key xxxxxx radius-server host x.x.x.x auth-port 1812 acct-port 1813 key xxxxxx … … … line con 0 exec-timeout 5 0 login authentication CONSOLE line vty 0 1 exec-timeout 5 0 login authentication LOGIN_AUTHENTICATION If the Cisco router is not configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access, this is a finding.

Step 1: Configure the Cisco router to use at least two authentication servers as shown in the following example: R4(config)#radius host 10.1.48.2 key xxxxxx R4(config)#radius host 10.1.48.3 key xxxxxx Step 2: Configure the authentication order to use the authentication servers as primary source for authentication as shown in the following example: R4(config)#aaa authentication CONSOLE group radius local R4(config)#aaa authentication login LOGIN_AUTHENTICATION group radius local Step 3: Configure all network connections associated with a device management to use the authentication servers for the purpose of login authentication. R4(config)#line vty 0 1 R4(config-line)#login authentication LOGIN_AUTHENTICATION R4(config-line)#exit R4(config)#line con 0 R4(config-line)#login authentication CONSOLE R4(config-line)#exit R4(config)#ip http authentication aaa login-authentication LOGIN_AUTHENTICATION