Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1040
Views
2
Helpful
6
Replies

Okta radius with cisco switches

optimusprime90
Level 1
Level 1

‎09-14-2023 04:21 AM

Hi All,
We are looking to integrate our cisco switches with Okta radius not only to access the switches but we also want any device or user who gets connected to that switch need to get authenticated before getting access to network.

Kindly let me know if anyone has done this before !

Labels:
0 Helpful
6 Replies 6

ahollifield
VIP
VIP

‎09-14-2023 05:21 AM

Does Okta offer a native RADIUS service?  If so do they offer RADIUS DTLS or RADSEC?  Or do you want to use ISE as the RADIUS server and have that use Okta for ID store and MFA?  Something else?

optimusprime90
Level 1
Level 1

‎09-14-2023 05:34 AM

yes okta has radius we already using it with integration of our firewall to allow users to vpn access.
Now we want to integrate it with cisco access switches, the objective is any endpoint (laptop/pc) connected to the access ports of switch should ask username/password from radius server then allow access to network.

0 Helpful

ahollifield
VIP
VIP
In response to optimusprime90

‎09-14-2023 07:27 AM

Does Okta have an on-premise RADIUS server?  You should never send clear RADIUS over public networks, you must use RADSEC or RADIUS DTLS.  

Does Okta support 802.1X/MAB like you describe?  This is completely different from VPN authentication as VPN auth doesn't typically use EAP.

optimusprime90
Level 1
Level 1

‎09-17-2023 02:17 AM

I am not sure what kind of radius okta has but we are using it for vpn with PAP and a local radius server is created which is doing authentications between client and okta.

Anyhow, back to my main question, can we manage port accessibility via radius ?

0 Helpful

ahollifield
VIP
VIP
In response to optimusprime90

‎09-17-2023 06:40 AM

If Okta doesn’t support 802.1X and/or MAB you probably can’t
0 Helpful

andrewswanson
Level 7
Level 7

‎09-17-2023 10:43 AM

The Okta forum has a few threads on users attempting AAA for cisco switch access. It seems that they can get authentication working ok but authorization is an issue. Maybe worth checking on this forum for any ideas.

hth
Andy

https://support.okta.com/help/s/question/0D51Y00009Y1UmvSAF/okta-aaa-radius-cisco-switching-devices?language=en_US

 

https://support.okta.com/help/s/question/0D54z00007eSHOaCAO/cisco-aaa-okta-radius-agent-application?language=en_US

 

0 Helpful
Customers Also Viewed These Support Documents