01-06-2022 11:46 AM
Is there a definitive guide for configuring smart card authentication on NX-OS devices that use TACACS+ on ISE?
I found this white paper for IOS-XE but NX-OS is significantly different.
cisco-2-factor (pragmasys.com)
Solved! Go to Solution.
01-19-2022 11:03 AM
The tacacs+ config for NXOS is pretty straightforward and easily done. The harder part was the ssh/crypto stuff. Once NXOS has extracted the username from the cert, the “aaa authentication…” and “aaa authorisation…” commands are needed to perform the aaa tasks to the tacacs+ servers.
The Prescriptive Guide is very good -there is a section specific to Nexus.
01-11-2022 04:38 PM
01-18-2022 06:54 AM
Hello Arne,
I found that before I posted this. I don't want to have to configure local users on every switch. Is there a way to configure this with TACACS+?
Roger
01-19-2022 11:03 AM
The tacacs+ config for NXOS is pretty straightforward and easily done. The harder part was the ssh/crypto stuff. Once NXOS has extracted the username from the cert, the “aaa authentication…” and “aaa authorisation…” commands are needed to perform the aaa tasks to the tacacs+ servers.
The Prescriptive Guide is very good -there is a section specific to Nexus.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide