02-16-2017 10:30 AM
I'm looking to find out if anyone has used ClearPass for two-factor authentication into Cisco routers/switches to access the CLI.
Here's what I'm being asked to do. When a TACACS request comes to ClearPass from a router, we'd like it to query AD and verify the user against the appropriate AD group (easy) -> then I need it to send a RADIUS request to an Entrust server, which will prompt a security question, and if the user answers the question correctly, then process an allow access enforcement policy. Basically I need to tie the AD request with the RADIUS call to Entrust and if both are correct, allow them in. If not, deny.
Is this possible? Has anyone done this? I'm asking from a CPPM perspective; I've verified that if I point the Cisco device directly to Entrust, it works.
I've spoken with SEs and tried multiple different ways of doing this with no success - hoping someone has an idea.