
no ip identd missing in Catalyst 9300 Switch IOS-XE 17.x

x1nwei
Level 1

Hi,

There is a vulnerability on ip identd for Cisco IOS and IOS-XE. However, when I tried configuring "no ip identd", the switch returned invalid command. The latest version of the CIS benchmark, released in Jun 24, is still checking for this command, and with the audit file, the compliance scan flagged the switch as non-compliant since no ip identd is missing.

Is there any documentation that states that this command has been deprecated? My Compliance Team is requesting official documentation to prove that it is indeed no longer available on the switch.

Thank you.


https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20190925-identd-dos.html

IOS XE must support this command, as per the link above.

MHM

Giuseppe Larosa
Hall of Fame

Hello @x1nwei ,

The link provided by @MHM Cisco World says that ip identd is disabled by default.

You can try to use

show run all | inc identd

to demonstrate that the service is disabled with the default configuration.

Hope to help

Giuseppe

 
