SV-220507r604141_rule
V-220507
SRG-APP-000499-NDM-000319
CISC-ND-001250
CAT II
10
Configure the Cisco switch to generate log records when administrator privileges are deleted as shown in the example below:
Step 1: Configure the AAA servers as shown in the example below:
SW1(config)# radius-server host 10.1.48.10
SW1(config)# radius-server host 10.1.48.12
Step 2: Configure an AAA server group as shown in the example below:
SW1(config)# aaa group server radius RADIUS_SERVERS
SW1(config-radius)# server 10.1.48.10
SW1(config-radius)# server 10.1.48.12
SW1(config-radius)# exit
Step 3: Enable AAA accounting as shown in the example below:
SW1(config)# aaa accounting default group RADIUS_SERVERS
SW1(config)# end
Review the Cisco switch configuration to verify that it is compliant with this requirement as shown in the example below:
Step 1: Verify that account records will be sent to an AAA server as shown in the example below:
aaa accounting default group RADIUS_SERVERS
Step 2: Verify that the referenced group name has defined AAA servers that are online.
aaa group server radius RADIUS_SERVERS
server 10.1.48.10
server 10.1.48.12
Note: Cisco NX-OS devices report configuration activity to TACACS+ or RADIUS servers in the form of accounting records. Each accounting record contains accounting attribute-value (AV) pairs and is stored on the AAA server.
If the Cisco switch is not configured to generate log records when administrator privileges are deleted, this is a finding.
V-220507
False
CISC-ND-001250
Review the Cisco switch configuration to verify that it is compliant with this requirement as shown in the example below:
Step 1: Verify that account records will be sent to an AAA server as shown in the example below:
aaa accounting default group RADIUS_SERVERS
Step 2: Verify that the referenced group name has defined AAA servers that are online.
aaa group server radius RADIUS_SERVERS
server 10.1.48.10
server 10.1.48.12
Note: Cisco NX-OS devices report configuration activity to TACACS+ or RADIUS servers in the form of accounting records. Each accounting record contains accounting attribute-value (AV) pairs and is stored on the AAA server.
If the Cisco switch is not configured to generate log records when administrator privileges are deleted, this is a finding.
M
4066