cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

308
Views
0
Helpful
0
Replies
Highlighted
Beginner

Configure cisco IOS 16.9.2 and 15.2(4)E6 for ISE two factor authentication

Hello, I'm configuring Two Factor Authentication via ISE 2.4 for our network devices.

On a 3850 using 16.9.2 I have changed part of the AAA configuration by removing:

no aaa authorization commands 0 default group tacacs+ local if-authenticated
no aaa authorization commands 1 default group tacacs+ local if-authenticated
no aaa authorization commands 15 default group tacacs+ local if-authenticated

 

and adding:


aaa authentication login default local
aaa authentication enable default enable

 

I've done this so that the switch won't seek out the current ACS server that is managing access.

When I test login using Government CAC using SecureCRT it fails.

When I test ISE's ability to see that same name in the attached Active Directory  repository it's found and successful.

Has anyone been successful with the edge switch configuration portion using Government issued CACs?

ej

 

Everyone's tags (3)
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards