The HP FlexFabric Switch must have a local account that will only be used as an account of last resort with full access to the network device.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
---|---|---|---|---|---|---|
high | V-66295 | SRG-APP-000516-NDM-000341 | HFFS-ND-000140 | SV-80785r1_rule | 2020-06-03 | 1 |
Description |
---|
In the event the network device loses connectivity to the management network authentication service, only a local account can gain access to the switch to perform configuration and maintenance. Without this capability, the network device is inaccessible to administrators. |
ℹ️ Check |
---|
Verify that the switch is configured with a local user that has full access by entering the following command: display local-user user-name <name of user account>. The user role list should contain the following: network-admin, network-operator. If the switch does not have a local user with full access, this is a finding. |
✔️ Fix |
---|
Configure the switch with a local user account that has the network-admin and network-operator roles. |
[5900]local-user adminxxx |
[5900-luser-manage-adminxxx]authorization-attribute user-role network-admin (or level=15) |
[5900-luser-manage-adminxxx]authorization-attribute user-role network-operator |
[5900-luser-manage-adminxxx]service-type terminal |
[5900-luser-manage-adminxxx]password hash xxxxxxxxxxxxxx |
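
The Check above can be automated over saved `display local-user user-name` output. The following is an added example, not part of the STIG text; the sample output is constructed, and its layout (a `User role list:` line with comma-separated roles) is an assumption, as are the function names.

```python
import re

# Roles the Check text requires in the account's user role list.
REQUIRED_ROLES = {"network-admin", "network-operator"}

# Constructed sample output; the field layout is an assumption, not from the page.
SAMPLE_COMPLIANT = """\
Device management user adminxxx:
  State:                     Active
  Service type:              Terminal
  Authorization attributes:
    User role list:          network-admin, network-operator
"""

SAMPLE_FINDING = """\
Device management user adminxxx:
  State:                     Active
  Service type:              Terminal
  Authorization attributes:
    User role list:          network-operator
"""

# Match only within one line so an empty value never swallows the next line.
ROLE_LINE = re.compile(r"^[ \t]*User role list:[ \t]*(.*)$", re.IGNORECASE | re.MULTILINE)


def parse_roles(output):
    """Collect every role named on a 'User role list:' line."""
    roles = set()
    for match in ROLE_LINE.finditer(output):
        roles.update(r.strip().lower() for r in match.group(1).split(",") if r.strip())
    return roles


def check_last_resort_account(output):
    """Return (is_finding, missing_roles) for one account's saved output."""
    missing = sorted(REQUIRED_ROLES - parse_roles(output))
    return bool(missing), missing


if __name__ == "__main__":
    samples = (("compliant", SAMPLE_COMPLIANT), ("finding", SAMPLE_FINDING), ("no such user", ""))
    for name, text in samples:
        finding, missing = check_last_resort_account(text)
        verdict = "FINDING, missing " + ", ".join(missing) if finding else "not a finding"
        print(f"{name}: {verdict}")
```

Output with no `User role list:` line at all, for example when the named account does not exist, is reported as a finding with both roles missing.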