Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1000
Views
0
Helpful
2
Replies

RSA tokens and AAA

apostollic
Level 1
Level 1

‎11-05-2008 02:39 PM - edited ‎03-10-2019 04:10 PM

I have an RSA ACE sever and would liek to sue it for console port and VTY port access....DOES AAA support this and if so, what does the config look like...I have done it witH ACS, but would like to try it just going directly to the RSA securID server..and letting the server pop the login...and then I juts poke in my PAsscode and Token PIN...anyone done this yet....

Labels:
0 Helpful
2 Replies 2

Richard Burts
Hall of Fame
Hall of Fame

‎11-05-2008 02:49 PM

Dane

It is not possible to have the router just go to the RSA ACE server with native tokens for authentication. The protocol used for direct communication for RSA token authentication is not supported in AAA. I have implemented something that is pretty close and I think it would get you pretty much what you want. I have implemented it where routers configure authentication using radius to the RSA server. The RSA server can run radius to talk to the router and then use the token processing on the server to do the authentication. So this does not need ACS and the router is talking directly to the RSA server address. But the router is using radius as the authentication protocol and the server has to make the connection between radius and the token processing.

HTH

Rick

HTH

Rick
0 Helpful

cisco24x7
Level 6
Level 6
In response to Richard Burts

‎11-05-2008 07:19 PM

Very simple:

1- install RSA Server on host A,

2- install ACS server on host B,

3- create an agent host on host A with host B

ip address,

4- copy the sdconf.rec file over to %Windows\system32 directory of host B,

5- install RSA agent software on host B,

6- create RSA user in host A,

7- use the RSA test utility on host B to test

authentication from host B over to host A,

8, configure ACS to use RSA SecurID. Read

the instruction on cisco web site, in the

External database,

9- run log monitor on host A RSA server,

10- try to log into a router,

11- enter the username create in step 6,

you should see that you will be able to

authenticate with RSA securID and ACS

integration.

Last but not least, if you use TACACS, you

will NOT be able to use Next-PIN mode on

RSA Server. Next-PIN mode only works with

Radius.

Easy right?

0 Helpful
Customers Also Viewed These Support Documents