TACACS+ and Smart Card login

solareonx
Level 1

We are currently using Cisco ACS 5.3 integrated with Active Directory for authentication to our Cisco devices. We are looking to move to smart card logins and are trying to find out if it is possible to authenticate to the console/SSH on the router/switch using a smart card.


Saurav Lodh
Level 7

As per my knowledge you cannot do that; it is not possible to authenticate a user logging into the router console using a smart card. The router doesn't support that token-based access control.

Jatin Katyal
Cisco Employee

Direct smart card authentication is not supported for vty / console sessions on IOS. However, via TACACS+ to an AAA server (e.g. Cisco ACS) you can turn it to use a two-factor-based external authentication store. Even if the smart card gets the PKI cert of some kind to the client PC and then to the terminal emulator like PuTTY or SecureCRT, AAA with TACACS+ would not be possible, as TACACS+ is not capable of encapsulating any kind of PKI.

Jatin Katyal
- Do rate helpful posts -

~Jatin
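
The protocol limit mentioned in the last reply can be seen in the wire format. The following is an added example, not part of the thread and not Cisco code: it builds and parses a TACACS+ authentication START body as laid out in RFC 8907, where `authen_type` names only password and challenge methods and every variable field has a one-byte length. The user name, port, address and the 1200-byte stand-in for a certificate are constructed sample values.

```python
import struct

# authen_type values listed in RFC 8907; none of them carries a certificate
AUTHEN_TYPES = {0x01: "ASCII", 0x02: "PAP", 0x03: "CHAP",
                0x05: "MSCHAP", 0x06: "MSCHAPv2"}

def build_authen_start(user, port, rem_addr, authen_type=0x01, data=b""):
    """Build an unobfuscated START body (action=LOGIN, priv_lvl=1, service=LOGIN)."""
    u, p, r = user.encode(), port.encode(), rem_addr.encode()
    for name, field in (("user", u), ("port", p), ("rem_addr", r), ("data", data)):
        if len(field) > 255:  # each length is a single octet on the wire
            raise ValueError(f"{name} is {len(field)} bytes; the field holds at most 255")
    fixed = struct.pack("!8B", 0x01, 1, authen_type, 0x01,
                        len(u), len(p), len(r), len(data))
    return fixed + u + p + r + data

def parse_authen_start(body):
    """Parse a START body; reject truncated or padded input."""
    if len(body) < 8:
        raise ValueError("body shorter than the 8-byte fixed part")
    action, priv, atype, service, ulen, plen, rlen, dlen = struct.unpack("!8B", body[:8])
    if len(body) != 8 + ulen + plen + rlen + dlen:
        raise ValueError("length fields do not match body size")
    out = {"action": action, "priv_lvl": priv, "authen_service": service,
           "authen_type": AUTHEN_TYPES.get(atype, f"undefined (0x{atype:02x})")}
    off = 8
    for name, n in (("user", ulen), ("port", plen), ("rem_addr", rlen), ("data", dlen)):
        out[name] = body[off:off + n]
        off += n
    return out

if __name__ == "__main__":
    # Constructed sample: an interactive login from a documentation-range address
    body = build_authen_start("netadmin", "tty0", "192.0.2.10")
    print(parse_authen_start(body))
    try:
        # Constructed stand-in for a DER certificate; real ones are usually larger
        build_authen_start("netadmin", "tty0", "192.0.2.10", data=b"\x30" * 1200)
    except ValueError as exc:
        print("cannot carry certificate:", exc)
```
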