Audit use of local admin?

MW0013
Conversationalist

Is there a way to audit the use of the local admin if someone needed to log directly into hardware? A random example might be a problem where an admin would access the switch locally to change a port type from access to trunk. I'm not seeing in the documentation where this is possible. Audit would like to see controls around this password to see when it's used.

PhilipDAth
Kind of a big deal

You could achieve something by disabling the local status page (under Network-Wide/General) and then making your process that someone has to enable it (which causes a log entry to be made), make their change, and then disable it.
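As an added example (not part of the reply above and not vendor code), this is one way an auditor could turn the enable/disable change log entries from that process into reviewable access windows. The record field names, the label text "Local status page", the network and admin names, and the 30-minute limit are all assumptions to adapt to the actual change log export.

```python
from datetime import datetime, timedelta

LABEL = "Local status page"  # assumption: label text used in the change log
FMT = "%Y-%m-%dT%H:%M:%SZ"

def _row(ts, admin, net, label, new):
    return {"ts": ts, "adminName": admin, "networkName": net,
            "label": label, "newValue": new}

# Constructed sample change log records (not real data).
CHANGES = [
    _row("2024-03-04T09:00:12Z", "alice", "HQ", LABEL, "enabled"),
    _row("2024-03-04T09:05:40Z", "alice", "HQ", "Port type", "trunk"),
    _row("2024-03-04T09:21:03Z", "alice", "HQ", LABEL, "disabled"),
    _row("2024-03-05T10:00:00Z", "carol", "Branch", LABEL, "enabled"),
    _row("2024-03-05T12:30:00Z", "carol", "Branch", LABEL, "disabled"),
    _row("2024-03-09T22:47:55Z", "bob", "Lab", LABEL, "enabled"),
]

def access_windows(changes, now, max_open=timedelta(minutes=30)):
    """Pair each enable with the next disable per network and grade the window."""
    open_by_net, windows = {}, []
    for c in sorted(changes, key=lambda c: c["ts"]):
        if c["label"] != LABEL:
            continue  # unrelated configuration change
        net, ts = c["networkName"], datetime.strptime(c["ts"], FMT)
        if c["newValue"] == "enabled":
            open_by_net.setdefault(net, (ts, c["adminName"]))
        elif c["newValue"] == "disabled" and net in open_by_net:
            opened, who = open_by_net.pop(net)
            status = "ok" if ts - opened <= max_open else "open too long"
            windows.append({"network": net, "opened_by": who,
                            "closed_by": c["adminName"], "status": status,
                            "minutes": int((ts - opened).total_seconds() // 60)})
    # Anything still enabled at review time was never closed by the process.
    for net, (opened, who) in open_by_net.items():
        windows.append({"network": net, "opened_by": who, "closed_by": None,
                        "status": "never closed",
                        "minutes": int((now - opened).total_seconds() // 60)})
    return windows

if __name__ == "__main__":
    for w in access_windows(CHANGES, now=datetime(2024, 3, 10, 8, 0, 0)):
        print(w)
```
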


MW0013
Conversationalist

Thanks, @PhilipDAth. The change log idea sounds like a good compensating control.
