AireOS WLCs support for passcode to facilitate 2FA

Muhammed Adnan
Level 4

Hello Experts,

 

We have a requirement to enable 2FA for device administration on AireOS WLCs with passcodes using the ISE & SAFENET. 

 

When I test the passcode option with Cisco switches, it works fine (after successful TACACS authentication, I get prompted for the passcode), while this is not working on Cisco AireOS WLCs. I could find a guide for 'PUSH-BASED' 2FA using DUO for Cisco WLC; however, the requirement is to enable it through passcodes.

https://community.cisco.com/t5/wireless-mobility-documents/cisco-wlc-2fa-with-duo-step-by-step/ta-p/3952024

 

Can this OTP challenge / passcode even be facilitated as part of 2FA on AireOS WLCs?

2 Replies

pieterh
VIP

This should be possible.

It is the authentication server (ISE) that handles the 2FA, not the WLC!

You already got this operational with the passcodes, so no new elements here!

-> Review your ISE policies where they handle management access to the switch differently than to the WLC.

Maybe it is just as simple as adding the WLC to the group of devices used for the 2FA policy and reviewing the order of the policies.

 

Hi Pieterh

But for the passcode to be inserted, there should be a secondary login handler to facilitate the prompt to enter the credentials, right?

I don't think that the AireOS WLC will even have the 2nd prompt.
