Cisco IOS Authentication Setup

Cisco IOS authentication allows users to perform authenticated scans of Cisco IOS devices that support the SSH protocol (SSH1 and SSH2) and Telnet. When supplying Cisco IOS authentication credentials, you must supply a user account to be used by the scanning engine to log in to target hosts, and optionally a password for the user account. If the "enable" command on the target hosts requires a password, then you must also provide the enable password in the authentication record.

When the compliance module is enabled, users with compliance privileges can launch compliance scans to identify whether hosts are compliant with user-defined policies. Compliance scans require successful authentication to target hosts, and in this case Cisco IOS authentication must be performed with superuser (root) privileges. If root privileges are not provided or if authentication to a host fails, then no controls can be evaluated and no compliance data can be collected for that host. If authentication to a host is successful, then the host can be evaluated for compliance.

Account Requirements

For compliance scanning, the user account provided for authentication must be able to execute these commands:

      "show version", to identify the version of the Cisco IOS device.

      "show logging", to gather logging configuration information.

      "show running-config" from within the "enable" shell, to gather current system configuration settings.
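
One way to confirm these requirements before creating the authentication record is to log in as the scan account, run the three commands by hand, save the session text and check it with a short script. The script below is an added example, not part of the product or of this page's original content. It assumes the default "hostname>" and "hostname#" prompts, unabbreviated commands and the IOS rejection messages listed in ERROR; check_transcript, ready_for_compliance_scan and SAMPLE are hypothetical names, and SAMPLE is a constructed session.

```python
import re

# The three commands the page requires; True means it must run in the "enable" shell.
REQUIRED = {"show version": False, "show logging": False, "show running-config": True}

# Assumed prompt shape: "hostname>" (user EXEC) or "hostname#" (privileged EXEC).
PROMPT = re.compile(r"^[\w.\-]+([>#])\s*(.*)$")
# Messages IOS prints when it rejects a command or an enable attempt.
ERROR = re.compile(r"^\s*(% ?(Invalid input|Incomplete command|Ambiguous command|"
                   r"Authorization failed|Access denied|Bad (passwords|secrets))|"
                   r"Command authorization failed)", re.I)

# Constructed sample session, not captured from a real device.
SAMPLE = """\
R1>show version
Cisco IOS Software (constructed sample output)
R1>show logging
Syslog logging: enabled (constructed sample output)
R1>show running-config
      ^
% Invalid input detected at '^' marker.
R1>enable
Password:
R1#show running-config
Building configuration...
hostname R1
"""

def check_transcript(text):
    """Map each required command to 'ok', 'missing', 'rejected' or 'not-privileged'."""
    results = {cmd: "missing" for cmd in REQUIRED}
    current = None  # required command whose output is being read, if any
    for line in text.splitlines():
        m = PROMPT.match(line)
        if m:
            mode, cmd = m.group(1), " ".join(m.group(2).split()).lower()
            current = cmd if cmd in REQUIRED else None
            if current:
                in_enable = mode == "#"
                results[current] = "ok" if in_enable or not REQUIRED[current] else "not-privileged"
        elif current and results[current] == "ok" and ERROR.match(line):
            results[current] = "rejected"
    return results

def ready_for_compliance_scan(text):
    """True only if all three commands ran cleanly at the required privilege."""
    return all(status == "ok" for status in check_transcript(text).values())

if __name__ == "__main__":
    for cmd, status in check_transcript(SAMPLE).items():
        print(f"{cmd:22} {status}")
```

When a command is entered more than once, the last attempt decides its status, so a "show running-config" that fails at the ">" prompt and succeeds after "enable" is reported as ok.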

Basic Authentication

Basic authentication (user name and password) is supported for authenticating to Cisco IOS devices. For basic authentication to be successful, the user account must be added to all target hosts. The corresponding user name and password must be supplied in an authentication record.  

If a password is required to execute the "enable" command on the target hosts, then you must supply the enable password in the Cisco IOS authentication record.

Next Step

Once you've defined a user account to be used for authentication, it's time to add a Cisco IOS authentication record. See Creating Cisco IOS Records for instructions.