04-28-2022 07:01 AM
Has anyone done MFA for Network switches and routers without DUO push. Usually routers and switches does not have option to enter SMS passcodes received.
04-28-2022 07:16 AM
I have not done this yet, but could you use the password,duocode from your DUO app? I would think this would work with the Duo Proxy set up as your radius server.
04-28-2022 07:54 AM
thank you, that requires a smart phone. user has simple phone, not android or iphone.
04-28-2022 10:29 AM
Hi @duorunner1 ,
If you integrate your network device(s) with Duo via RADIUS, you might be able to do this via Append Mode (concatenation): Duo Two-Factor Authentication with RADIUS and Primary Authentication | Duo Security.
Please note that Append Mode (which is required if you wish to specify SMS as an authn method) cannot be used if your RADIUS server is configured with MS-CHAPv2 or EAP-MSCHAPv2 as described here: https://help.duo.com/s/article/2084?language=en_US. Otherwise, the Auto Mode method is performed, which uses either Duo Push or Phone Call as the authn method.
Hope this helps!
03-08-2023 03:10 AM
Hello,
Could you advise how to use Duo MFA with switches that use local users while using ssh access?
not using radius or ldap
03-08-2023 03:59 AM
if you are using DUO MFA with switch, your radius server will be DUO. For the switch the authentication or radius server is set as DUO, only then auth requests goes to Duo.
03-08-2023 05:18 AM
So we need to add a [radius_client] section to auth proxy file, and configure the details for it (Host= the IP of the SW) ??
And a configuration on the switch for a radius: ##radius-server host (IP of the auth proxy) auth-port 1812 key xxxxx
03-14-2023 12:59 AM
yes, that’s correct.
04-29-2022 06:59 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide