Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
921
Views
5
Helpful
2
Replies

Configuring ISE 2.4 with TACACS+ to use token and PIN for AAA

Go to solution
rllesh1
Level 1
Level 1

‎04-15-2019 08:34 PM

I have been tasked to find a solution.  We have a Cisco ISE 2.4 server.  We are using it for TACACS+ to do our AAA against Active Directory using a username and password.  We would like to use a CAC badge (token) to authenticate against AD with the PIN on the CAC.  Suggestions in how to set this up?

Thanks.

 

 

Robert

 

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎04-16-2019 05:40 AM

So there are a couple of different ways to implement this. If you are running an IOS version below 15.2.4 you will need to store the public key locally on your NADs for each user profile you setup. The better way to do it is documented here: https://www.pragmasys.com/products/support/cisco-2-factor

With that said, you will need third party software. I have used pragma for 2+ years now with that solution and it works like a charm. Good luck!

View solution in original post

Go to solution
kthiruve
Cisco Employee
Cisco Employee

‎04-22-2019 10:35 PM

Please check out the community page for ISE and 2 factor authentication. It has links for CAC and for other 2FA.

 

https://community.cisco.com/t5/security-documents/two-factor-authentication-on-ise-2fa-on-ise/ta-p/3636120

 

-Krishnan

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎04-16-2019 05:40 AM

So there are a couple of different ways to implement this. If you are running an IOS version below 15.2.4 you will need to store the public key locally on your NADs for each user profile you setup. The better way to do it is documented here: https://www.pragmasys.com/products/support/cisco-2-factor

With that said, you will need third party software. I have used pragma for 2+ years now with that solution and it works like a charm. Good luck!

Go to solution
kthiruve
Cisco Employee
Cisco Employee

‎04-22-2019 10:35 PM

Please check out the community page for ISE and 2 factor authentication. It has links for CAC and for other 2FA.

 

https://community.cisco.com/t5/security-documents/two-factor-authentication-on-ise-2fa-on-ise/ta-p/3636120

 

-Krishnan

0 Helpful
Customers Also Viewed These Support Documents