Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
543
Views
0
Helpful
1
Replies

C9800 GUI and CLI RADIUS authentication encryption

Priit Kosmopoliit
Level 1
Level 1

‎07-13-2021 08:53 AM

I followed this guide, but ran into 2 unanswered questions:

 

  1. If we use RADIUS for CLI & GUI administrative access authentication, is PAP the only option? If yes, what might be other ways to make the connection secure? TACACS?
  2. Considering we are already doing dot1x on the devices we need to administrate and already have policy sets for those functions, what would be a good condition to match for a Policy Set, to hit it only when we are doing GUI & CLI RADIUS authentication? Radius-Service-Type - Outbound?
0 Helpful
1 Reply 1

Arshad Safrulla
VIP Alumni
VIP Alumni

‎07-14-2021 04:33 PM

1. TACACS is the best option due to security it provides.

2, Radius-Service-Type - Outbound + Network Access Device IP Address

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card