07-16-2024 11:51 AM
Hi,
There is a vulnerability in ip identd for Cisco IOS and IOS-XE. However, when I tried configuring "no ip identd", the switch returned invalid command. The latest version of the CIS benchmark, released in Jun 24, is still checking for this command, and with the audit file, the compliance scan flagged the switch as non-compliant since "no ip identd" is missing.
Is there any documentation stating that this command has been deprecated? My Compliance Team is requesting official documentation to prove that it is indeed no longer available on the switch.
Thank you.
07-16-2024 12:03 PM
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20190925-identd-dos.html
IOS XE must support this command, as per the link above.
MHM
07-16-2024 12:56 PM - edited 07-16-2024 12:57 PM
Hello @x1nwei ,
The link provided by @MHM Cisco World says that ip identd is disabled by default.
You can try to use
show run all | inc identd
to demonstrate that the service is disabled with the default configuration.
Hope to help
Giuseppe
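An added example, not part of the thread and not Cisco or CIS tooling: a small Python check that classifies saved output of the `show run all | inc identd` command suggested above, so an audit can tell an enabled service apart from a configuration where the line is simply absent. The function names, the verdict policy and the sample outputs are assumptions constructed for illustration.

```python
import re

# Matches "ip identd" or "no ip identd" as a whole config line,
# tolerating surrounding whitespace from captured CLI output.
_IDENTD_LINE = re.compile(r"^\s*(no\s+)?ip\s+identd\s*$", re.IGNORECASE)


def classify_identd(show_output: str) -> str:
    """Classify saved output of 'show run all | inc identd'.

    Returns "enabled" if an 'ip identd' line is present,
    "explicitly-disabled" if only 'no ip identd' is present,
    and "absent" if no identd line appears at all.
    """
    state = "absent"
    for line in show_output.splitlines():
        m = _IDENTD_LINE.match(line)
        if not m:
            continue  # prompts, CLI error text, unrelated lines
        if m.group(1) is None:
            return "enabled"  # one enabling line is enough to fail
        state = "explicitly-disabled"
    return state


def audit_verdict(show_output: str) -> str:
    """Map the state to an audit result (this policy is an assumption)."""
    state = classify_identd(show_output)
    if state == "enabled":
        return "FAIL: ip identd is enabled"
    if state == "explicitly-disabled":
        return "PASS: no ip identd is configured"
    return "REVIEW: no identd line in config; attach this output as evidence"


# Constructed sample outputs, not captured from a real device.
SAMPLES = {
    "enabled": "ip identd\n",
    "disabled": "no ip identd\n",
    "absent": "Switch#show run all | inc identd\nSwitch#\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {audit_verdict(text)}")
```

The "absent" case is reported for manual review rather than as a failure, which matches the situation in this thread where the audit file expects a line the device does not show.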