Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1842
Views
0
Helpful
1
Replies

Duo AuthProxy as RADIUS Server and Vendor Specifics

FPBPC
Level 1
Level 1

‎07-01-2021 11:03 AM

Setting up Duo for my switches and am running into an issue when using the DuoAuthProxy as my RADIUS server. I have the LDAP Proxy pulling one AD group of users into Duo, then the RADIUS allows only those group members.

My Cisco switches (5548) work ok, I get the push and I get logged in. The issue is I am logged in at “Level 1” and have no command set. i want to be logged in at “Level 15” so I am a full admin. This seems to require the use of vendor-specific return codes but I cannot find where these are or are not supported within Duo itself.

If I need to do this does it require I set up an separate NPS server? I don’t use NPS right now, the wireless goes to the Internet and no-where else, and the rest of my environment is very simple (small company so not the most involved environment…)

Thanks in advance,

FPBPC

Labels:
0 Helpful
1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

‎07-07-2021 09:28 AM

It’s not possible to define VSAs on the Duo Authentication Proxy itself, but it can pass through VSAs received from an upstream RADIUS server (like NPS) back to the device that initiated the access-request. This would require configuring the Duo proxy to use a radius_client instead of an ad_client.

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Top