topic TACACS+ and Smart Card login in Network Access Control

TACACS+ and Smart Card login

solareonx — Mon, 11 Mar 2019 03:35:27 GMT

We are currently using Cisco ACS 5.3 integrated with Active Directory for authentication to our Cisco devices. We are looking to move to smart card logins and trying to find out if this is possible to authenticate to the console/ssh on the router/switch using a smart card.

TACACS+ and Smart Card login

Saurav Lodh — Thu, 27 Jun 2013 06:15:41 GMT

As per my knowledge you cannot do that, it is not possible to authenticate an user logging into router console using a smart card. Router doesnt support that token based access control.

TACACS+ and Smart Card login

Jatin Katyal — Thu, 27 Jun 2013 12:40:05 GMT

Direct Smart card authentication is not supported for vty / console session on IOS. However, via TACACS to a AAA server (e.g. Cisco ACS) you can turn it to use a two factor-based external authentication store. Even if the Smart card get the PKI cert of some kind to the client PC and then to the terminal emulator like Putty or SecureCRT, AAA with Tacacs + would not be possible as Tacacs is not capable for encapsulating any kind of PKI.

Jatin Katyal
- Do rate helpful posts -