I followed this guide, but ran into 2 unanswered questions:
- If we use RADIUS for CLI & GUI administrative access authentication, is PAP the only option? If yes, what might be other ways to make the connection secure? TACACS?
- Considering we are already doing dot1x on the devices we need to administrate and already have policy sets for those functions, what would be a good condition to match for a Policy Set, to hit it only when we are doing GUI & CLI RADIUS authentication? Radius-Service-Type - Outbound?