From Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide
Part of SRG-APP-000151-NDM-000248
Associated with: CCI-000767
Multifactor authentication is defined as: using two or more factors to achieve authentication.
Determine if the network device uses multifactor authentication for local access to privileged accounts. This requirement may be verified by demonstration or configuration review. This requirement may be met through use of a properly configured authentication server if the device is configured to use the authentication server. If multifactor authentication is not used for local access to privileged accounts, this is a finding. Review the device configuration via the "show running-config" command. The line "aaa authentication login console group [server-group] [radius/tacplus] [local]" must be present and must contain, at a minimum, the server group used for authentication, if present, or the term radius or tacplus to indicate all configured radius or tacplus servers, and the term local for local database authentication.
Configure the network device or its associated authentication server to use multifactor authentication for local access to privileged accounts. To configure the local device to authenticate via its authentication server, enter the following command from the configuration mode interface. Replace the bracketed value with the configured server group name or the name of the server type to validate against all configured servers of that type. switch(config)#aaa authentication login console group [radius] local
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer