10-30-2017 01:49 PM - edited 02-21-2020 10:37 AM
I manage about 6 switches (3 4506s, a 3650, a 3750 and the 4500x). I have successfully set up 2 factor authentication using a token/TACACS+ on 5 of them using the following commands:
aaa new-model
aaa authentication login local enable
aaa authentication login tacacs enable
aaa authentication login default group tacacs+ local
tacacs-server host <IP>
tacacs-server host <IP2>
tacacs-server key (KEY)
ip tacacs source-interface Vlan<#>
This has worked for all but the Catalyst 4500x. It has version 3.6.7E. None of the documentation I've found has yielded any help. It should be noted that I only manage the switches, not the device that handles TACACS+.
Has anyone had any experience configuring this?
10-30-2017 02:47 PM
Found a solution at the following link:
aaa group server tacacs+ ACS
 server-private A.B.C.D key XXXX
 ip vrf forwarding mgmtVrf
 ip tacacs source-interface FastEthernet1
aaa authentication login default group ACS local
aaa authentication enable default group ACS enable
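An added example, not from the thread or from Cisco: a Python check over running-config text that flags a TACACS+ source interface whose VRF differs from the VRF the server is reached in, which is the difference between the global-style commands in the question and the server-group form in the answer. It assumes FastEthernet1 is placed in mgmtVrf with `vrf forwarding`; the 192.0.2.10 address and both sample configs are constructed.

```python
import re

VRF = re.compile(r"(?:ip )?vrf forwarding (\S+)")
SRC = re.compile(r"ip tacacs source-interface (\S+)")

def parse_blocks(config):
    """Map each top-level IOS config line to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if not raw.startswith(" "):
            current = raw.strip()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(raw.strip())
    return blocks

def vrf_of(sub_lines):
    """VRF named by '[ip] vrf forwarding <name>', or None for the global table."""
    hits = [m.group(1) for m in map(VRF.match, sub_lines) if m]
    return hits[0] if hits else None

def audit_tacacs_vrf(config):
    """Return (scope, source interface, interface VRF, server VRF) mismatches."""
    blocks = parse_blocks(config)
    intf_vrf = {k.split()[1].lower(): vrf_of(v)
                for k, v in blocks.items() if k.startswith("interface ")}
    findings = []
    # Global 'tacacs-server host' entries are reached through the global table.
    scopes = [("global", None, list(blocks))] if any(
        k.startswith("tacacs-server host ") for k in blocks) else []
    scopes += [(k.split()[-1], vrf_of(v), v) for k, v in blocks.items()
               if k.startswith("aaa group server tacacs+ ")]
    for name, server_vrf, lines in scopes:
        for m in filter(None, map(SRC.match, lines)):
            ivrf = intf_vrf.get(m.group(1).lower())
            if ivrf != server_vrf:
                findings.append((name, m.group(1), ivrf, server_vrf))
    return findings

# Constructed samples: 192.0.2.10 is a documentation address, not from the thread.
INTF = "interface FastEthernet1\n vrf forwarding mgmtVrf\n"
GLOBAL_STYLE = INTF + ("aaa new-model\ntacacs-server host 192.0.2.10\n"
                       "ip tacacs source-interface FastEthernet1\n")
VRF_STYLE = INTF + ("aaa group server tacacs+ ACS\n"
                    " server-private 192.0.2.10 key XXXX\n"
                    " ip vrf forwarding mgmtVrf\n"
                    " ip tacacs source-interface FastEthernet1\n")
print(audit_tacacs_vrf(GLOBAL_STYLE), audit_tacacs_vrf(VRF_STYLE))
```

An empty list means every TACACS+ source interface sits in the same VRF as the servers it is used for.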