https://community.cisco.com/t5/network-access-control/acs-5-2-tacacs-and-two-factor-authentication/m-p/2210193#M160495 <HTML><HEAD></HEAD><BODY><P>Without&nbsp; RSA, I don't see a way to accomplish this.</P><P></P><P>With tacacs all you can have</P><P></P><P>username:xxxxxx</P><P>password:xxxxxx</P><P>ciscoasa&gt;enable</P><P>password:xxxxxx</P><P></P><P></P><P>above you are using 2 password login and enable.</P><P></P><P></P><P>Jatin Katyal <BR /> <BR /> <BR />- Do rate helpful posts -</P></BODY></HTML> Thu, 02 May 2013 18:11:16 GMT Jatin Katyal 2013-05-02T18:11:16Z https://community.cisco.com/t5/network-access-control/acs-5-2-tacacs-and-two-factor-authentication/m-p/2210192#M160489 <P>I am trying to wrap my head around this topic and failing.&nbsp; I want to setup two factor authentication via ACS 5.2 TACACS+ without having to use a token (such as that by RSA).&nbsp; Is there a way to do it?</P><P></P><P>More info:</P><P></P><P>Users from unconnected AD domains will be connecting to the routers and switches.</P><P>There is a certificate server available to generate certificates.</P><P>SSHv2 is the current login protocol.</P><P></P><P>Thanks!</P> Mon, 11 Mar 2019 03:23:14 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-tacacs-and-two-factor-authentication/m-p/2210192#M160489 cybrsage 2019-03-11T03:23:14Z https://community.cisco.com/t5/network-access-control/acs-5-2-tacacs-and-two-factor-authentication/m-p/2210193#M160495 <HTML><HEAD></HEAD><BODY><P>Without&nbsp; RSA, I don't see a way to accomplish this.</P><P></P><P>With tacacs all you can have</P><P></P><P>username:xxxxxx</P><P>password:xxxxxx</P><P>ciscoasa&gt;enable</P><P>password:xxxxxx</P><P></P><P></P><P>above you are using 2 password login and enable.</P><P></P><P></P><P>Jatin Katyal <BR /> <BR /> <BR />- Do rate helpful posts -</P></BODY></HTML> Thu, 02 May 2013 18:11:16 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-tacacs-and-two-factor-authentication/m-p/2210193#M160495 Jatin Katyal 2013-05-02T18:11:16Z https://community.cisco.com/t5/network-access-control/acs-5-2-tacacs-and-two-factor-authentication/m-p/2210194#M160498 <HTML><HEAD></HEAD><BODY><P> That is what I was coming up with, but I was hopeful someone would say "you can do this...".</P><P></P><P>I see that I can setup more than one database to authenticate against and I can use certificates...but Cisco's TACACS stops when it gets the first OK (like an access list does), so if I use a certificate it will not prompt for a username and password if it finds the certificate first and vice-versa.</P></BODY></HTML> Thu, 02 May 2013 18:17:30 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-tacacs-and-two-factor-authentication/m-p/2210194#M160498 cybrsage 2013-05-02T18:17:30Z https://community.cisco.com/t5/network-access-control/acs-5-2-tacacs-and-two-factor-authentication/m-p/2210195#M160502 <HTML><HEAD></HEAD><BODY><P>Sorry to tell you the true story <SPAN __jive_emoticon_name="sad" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/sad.gif"></SPAN></P><P></P><P>Could you please explain what is your end goal? What all devices are involved in your setup and what kind of authentication is this?</P><P></P><P>Jatin Katyal <BR /> <BR /> <BR />- Do rate helpful posts -</P></BODY></HTML> Thu, 02 May 2013 18:25:35 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-tacacs-and-two-factor-authentication/m-p/2210195#M160502 Jatin Katyal 2013-05-02T18:25:35Z https://community.cisco.com/t5/network-access-control/acs-5-2-tacacs-and-two-factor-authentication/m-p/2210196#M160506 <HTML><HEAD></HEAD><BODY><P>The IRS demands two factor authentication for any system which touches specific kinds of data, such as social security numbers.&nbsp; Just routers and switches.&nbsp;&nbsp; I was hoping to do with without spending money - but it appears I am out of luck on that front.</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>I will keep this thread open for a bit just in case someone else has any ideas, otherwise I will make your as the correct answer.</P></BODY></HTML> Thu, 02 May 2013 18:27:57 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-tacacs-and-two-factor-authentication/m-p/2210196#M160506 cybrsage 2013-05-02T18:27:57Z https://community.cisco.com/t5/network-access-control/acs-5-2-tacacs-and-two-factor-authentication/m-p/2210197#M160509 <HTML><HEAD></HEAD><BODY><P>sure <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P></P><P>Jatin Katyal <BR /> <BR /> <BR />- Do rate helpful posts -</P></BODY></HTML> Thu, 02 May 2013 18:59:00 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-tacacs-and-two-factor-authentication/m-p/2210197#M160509 Jatin Katyal 2013-05-02T18:59:00Z