Cisco Authentication: What Credentials Should I Use?

1) The user account you provide for authentication must have privilege level 15 (equivalent to root level privileges) on the Cisco device in order to perform all checks.

Interested in using an account with a lower privilege level? You'll need to take steps to configure the lower privilege level account to give it permission to execute all of the commands that are required for scanning. See instructions on how you can do this and the commands required for scanning based on the Cisco device:

Cisco IOS/IOS-XE | Cisco ASA | Cisco NX-OS

In general, the account you provide must be able to execute these commands:

show version
show running-config / show running-config all
show logging | include Syslog | Trap | Console | Monitor | Buffer logging
show clock detail
show ip ssh
show ip interface
show snmp user
show snmp group
show crypto key mypubkey rsa
terminal pager 0 (Cisco ASA) / terminal length 0 (other Cisco devices)

Show more

2) We need port 22 (for SSH authentication) or port 23 (for Telnet authentication). If Telnet is the only option for the target you must select the Clear Text Password option in the record since Telnet is an insecure protocol (all information is sent in clear text). We’ll use strong password encryption for remote login, if possible, and fall back to transmitting credentials in clear text only when the Clear Text Password option is selected.

3) Your password must not include any spaces.