Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Two Factor - Cisco Routers/Switches

  • 1.  Two Factor - Cisco Routers/Switches

    Posted Feb 16, 2017 01:30 PM

    I'm looking to find out if anyone has used ClearPass for two-factor authentication into Cisco routers/switches to access the CLI.

    Here's what I'm being asked to do. When a TACACS request comes to ClearPass from a router, we'd like it to query AD and verify the user against the appropriate AD group (easy) -> then I need it to send a RADIUS request to an Entrust server, which will prompt a security question, and if the user answers the question correctly, then process an allow access enforcement policy. Basically I need to tie the AD request with the RADIUS call to Entrust and if both are correct, allow them in. If not, deny.

    Is this possible? Has anyone done this? I'm asking from a CPPM perspective; I've verified that if I point the Cisco device directly to Entrust, it works.

    I've spoken with SEs and tried multiple different ways of doing this with no success - hoping someone has an idea.

    Thanks



  • 2.  RE: Two Factor - Cisco Routers/Switches

    Posted Sep 05, 2017 11:06 AM

    I've been looking for this and I haven't been able to find anything.

    These guys provide a simple and elegant solution using Google Authenticator. I'm surprised Aruba can't do something similar.

    http://tacacs.net/docs/TACACS_MFA_GA_deployment.pdf