09-14-2023 04:21 AM
Hi All,
We are looking to integrate our Cisco switches with Okta RADIUS, not only to access the switches; we also want any device or user that connects to a switch to be authenticated before getting access to the network.
Kindly let me know if anyone has done this before!
09-14-2023 05:21 AM
Does Okta offer a native RADIUS service? If so do they offer RADIUS DTLS or RADSEC? Or do you want to use ISE as the RADIUS server and have that use Okta for ID store and MFA? Something else?
09-14-2023 05:34 AM
Yes, Okta has RADIUS; we are already using it, integrated with our firewall, to allow users VPN access.
Now we want to integrate it with Cisco access switches. The objective is that any endpoint (laptop/PC) connected to the access ports of the switch should be prompted for a username/password from the RADIUS server and then allowed access to the network.
09-14-2023 07:27 AM
Does Okta have an on-premise RADIUS server? You should never send clear RADIUS over public networks; you must use RADSEC or RADIUS DTLS.
Does Okta support 802.1X/MAB like you describe? This is completely different from VPN authentication as VPN auth doesn't typically use EAP.
09-17-2023 02:17 AM
I am not sure what kind of RADIUS Okta has, but we are using it for VPN with PAP, and a local RADIUS server has been created which handles authentication between the client and Okta.
Anyhow, back to my main question: can we manage port accessibility via RADIUS?
09-17-2023 06:40 AM
09-17-2023 10:43 AM
The Okta forum has a few threads on users attempting AAA for Cisco switch access. It seems that they can get authentication working OK, but authorization is an issue. Maybe worth checking on this forum for any ideas.
hth
Andy