07-15-2020 07:59 AM
Hello, does a Cisco IOS router/switch support 2FA without ISE / ACS / AD?
Thanks,
Juan Carlos Arias
07-15-2020 08:46 AM
07-15-2020 09:37 AM
Thanks Giovanni for your comments. I was expecting something like that, and wanted to be sure that there was no RADIUS option for secondary authentication.
Regards,
07-15-2020 09:55 AM
Hi,
I guess it depends on what 2FA solution you want to use. For example, if you use Cisco DUO, it uses a RADIUS proxy, so then, yes, you could configure the IOS device to use 2FA.
HTH
07-15-2020 12:21 PM
That's right Rob, I'm using DUO and already have the Duo Security Authentication Proxy, but it's working only in a single authentication mode, which means that I'm using only the 6-digit Duo code and not the user's password to authenticate.
I was looking for a RADIUS configuration line on the Cisco IOS switch / router to specify a secondary authentication mode, but this line doesn't exist.
Regards,
07-15-2020 12:46 PM
You can configure the DUO radius proxy to authenticate to AD to prompt for username and password, in addition to the DUO passcode.
There is no additional IOS command (that I am aware of) to specify a second authentication server, only for failover if the primary method is unavailable.
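The proxy setup described in the reply above, sketched as an added example that is not part of the original thread: an `authproxy.cfg` for the Duo Authentication Proxy where AD checks the password before Duo is invoked, next to the passcode-only mode shown commented out. All hosts, keys and secrets are placeholders, and the addresses are documentation-range assumptions.

```ini
; authproxy.cfg (added example; every value below is a placeholder)

; --- Passcode-only mode: no password is verified anywhere ---
; The RADIUS password field carries only the Duo passcode or factor name,
; so the login is effectively single-factor.
;[radius_server_duo_only]
;ikey=<DUO_INTEGRATION_KEY>
;skey=<DUO_SECRET_KEY>
;api_host=<DUO_API_HOSTNAME>
;radius_ip_1=192.0.2.1
;radius_secret_1=<RADIUS_SHARED_SECRET>

; --- Two-factor mode: AD password first, then Duo ---
; Primary authenticator: the proxy binds to AD to verify username/password.
[ad_client]
host=192.0.2.10
service_account_username=<AD_SERVICE_ACCOUNT>
service_account_password=<AD_SERVICE_ACCOUNT_PASSWORD>
search_dn=DC=example,DC=com

; RADIUS listener the IOS device talks to. After the AD check succeeds the
; proxy triggers the user's default Duo factor, or accepts a passcode
; appended to the password after a comma (password,123456).
[radius_server_auto]
ikey=<DUO_INTEGRATION_KEY>
skey=<DUO_SECRET_KEY>
api_host=<DUO_API_HOSTNAME>
; radius_ip_1 is the router/switch that sends the Access-Request
radius_ip_1=192.0.2.1
radius_secret_1=<RADIUS_SHARED_SECRET>
client=ad_client
port=1812
; secure = reject logins when Duo's service is unreachable (safe = allow)
failmode=secure
```

The IOS side stays a single RADIUS server entry pointing at the proxy; both factors are evaluated by the proxy within that one RADIUS exchange.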
07-15-2020 03:17 PM
Hello Rob, in my understanding, the 2FA mode has to be configured on the devices somehow as a secondary authentication, just like on the ASA, where there is the "secondary-authentication-server-group" option, but not on a switch / router.
The first authentication password uses the authentication process defined on the device, and the second goes to the DUO proxy. In this case (router / switch) the first authentication process is missing, because there is no secondary-authentication option to enable.
You're right, there is no option for secondary authentication; there is only an option for failover when the first server is not reachable.
Regards,