Authentication and Authorization on FXOS Chassis

Chts · ‎05-22-2018

Hello All,

Could some one clarify me this, please?

Very soon I will configure TACACS+/Radius Authentication and Authorization for the

Firepower eXtensible Operating System (FXOS) chassis via Identity Services Engine (ISE), do I need to create same users in both RADIUS server and Locally? is this some limitation or latest version of FXOS overcome this?

Thanks in advance.

RichardAtkin · ‎05-22-2018

Hi,

The question is a bit vague. Can you give us some more context please? What is the end goal you are trying to achieve?

Chts · ‎05-23-2018

Hello Richard,

Thanks for looking into it, sorry for the uncertainty in the question.

I need to configure FXOS Chassis Authentication/Authorization for remote management via a remote RADIUS server only. However I have been advised that you need to create the same users locally on the chassis to use RADIUS Authentication/Authorization.

For example if one of the Network Admin users Authentication/Authorization by RADIUS is called John then I need to create a local user account for John on FXOS Chassis as well

This is not a feasible solution since there are too many accounts that use RADIUS Servers for Authentication/Authorization and it would not be practical to create those users locally on the FXOS Chassis.

RichardAtkin · ‎05-25-2018

You might do well to ask this in a different part of the forum, this area is generally used for ISE type stuff, but your question is really more relevant to FirePower...