MFA configuration on Cisco 3850 and 2960

Jobs2024 · ‎11-06-2024

Hi,

Good day!

I am looking for Configuration and Documentation on how to enable MFA on Cisco 3850 and 2960 switch. Anyone here can help and share string of commands on how to configure MFA on Cisco 3850 and 2960. This is for the secondary authentication for Cisco SSH management login. We are using Deepnet specifically for the MFA. Thank you in advance.

Jobs2024 · ‎11-06-2024

Deepnet doesn't have integration to Cisco IOS for 2 factor authentication. We are now looking for DUO configuration and setup.

MHM Cisco World · ‎11-08-2024

This for device Admin or for endpoint access ??

MHM

DanielP211 · ‎11-06-2024

Hello!

You won't be able to enable MFA directly, you will have to go through an AAA server like ISE.

BR

****Kindly rate all useful posts*****

Jobs2024 · ‎11-07-2024

Hi @DanielP211 Thank you so much for the Response I will take a look on the ISE and see if we can have that in our network.

Aref Alsouqi · ‎11-07-2024

As @DanielP211 mentioned, the switches themselves do not support MFA so we have to rely on an authentication/authorization server such as ISE or even Microsoft NPS. On MS NPS you can only use RADIUS however with products like ISE you can use RADIUS or TACACS. TACACS have much more pros compared to RADIUS when it comes devices management, however, if you don't have very restrictive policies then RADIUS could be a good solution for this. Take a look please at this post of mine that shows how to configure device management accesses via RADIUS on ISE:

Privilege Level 15 with Cisco ISE | Blue Network Security

Jobs2024 · ‎11-07-2024

Hi @Aref Alsouqi Thank you so much for your response I will look in to your post and see if we can have this in our network.