
Admin CAC to Logon Switches


Hello All.  I have switches configured to use RADIUS authentication and have been logging on username/password per my account in Active Directory.  However, now I need to use a CAC to do so.  In Active Directory under the account it has for instance 53123@com for the User Logon Name:  The User logon name (pre-Windows 2000) is DOMAIN\

When I put either 53123@com or 53123 and then use my PIN I'm not able to log on to the switches.  I've already deleted/re-added my account to the Windows group specified in the Network Policy Server role of Windows 2008 R2.  Any suggestions?  Thanks.


Philip D'Ath

Does the NPS log say your account was granted access? If not, look at NPS closer.

If it says access was granted then do a few "debug aaa ..." commands on the switches and see why they are not accepting the Access-Accept message.

I'm just getting back to troubleshooting this.  I will look at the NPS logs though.  So are you saying it is possible to use a CAC to authenticate to an SSH session to the switch?

I'm not sure, but I am 100% certain that if NPS has denied the connection it won't work - so the first step is to make sure it is permitting the connection.
