Audit use of local admin?

MW0013
Conversationalist

Audit use of local admin?

Is there a way to audit the use of the local admin if someone needed to log directly into hardware? A random example might be a problem where an admin would access the switch locally to change a port type from access to trunk. I'm not seeing in the documentation where this is possible. Audit would like to see controls around this password to see when it's used.

2 REPLIES 2
PhilipDAth
Kind of a big deal

You could achieve something by disabling the local status page (under Network-Wide/General) and then making your process that someone has to enable it (which causes a log entry to be made), make their change, and then disable it.

 

 

MW0013
Conversationalist

Thanks, @PhilipDAth. The change log idea sounds like a good compensating control.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.