How can I manage both UNIX and CISCO authentication records for a large IP space?

Question asked by Martin Walker on Apr 13, 2015
Latest reply on Mar 23, 2017 by Martin Walker

I have several large IP spaces broken into many VLANs, as I'm sure most of us do.

I do not want to have to track specifically which IP addresses are Linux boxes and which are Cisco devices; this seems like a nonsensical requirement to me.

I want to configure two authentication records for the entire address space, one for Linux and one for Cisco, and have Qualys select the appropriate one based on its OS detection.

It appears that I cannot do this, with Qualys complaining that an IP address cannot be on multiple UNIX/Cisco authentication records.

How does one manage the authentication records such that I don't have to manage each and every IP address specifically, which is a completely impossible task in a large dynamic environment?

Is the answer to simply use the same username/password for both Linux and Cisco and have only one authentication record? If so, will Qualys use the correct Cisco rather than Linux commands once authentication has happened?

It seems like this is a significant flaw in Qualys's authentication component. It should either pick the right record based on OS detection, which would remove the limitation based on IPs, or it should at least let you apply a dynamic tag based on OS.
