[c-nsp] Router 2 factor authentication

Mark Tech techconfig at yahoo.com
Thu Aug 26 04:45:17 EDT 2010

Hi Dominik
Your solution sounds like what I'm looking for. Are you using RADIUS or TACACS 
as your AAA?

With regard to the cli that you will see from the router, do you just enter 
username and passwd+PIN

In answer to Ben's question, this is also for compliance reasons as well



----- Original Message ----
From: Dominik Bay <d.bay at rrbone-bb.net>
To: cisco-nsp at puck.nether.net
Sent: Thu, August 26, 2010 6:28:22 AM
Subject: Re: [c-nsp] Router 2 factor authentication

On Thu, 26 Aug 2010 10:42:28 +1000
Ben Steele <ben at bensteele.org> wrote:

> Out of curiosity can you tell me what led you to wanting 2FA for these
> devices, and how the traditional acl/tacacs method failed your
> requirements?

We are using RSA SecurID on P and PE Routers to secure the core network
and fullfil customer demands. 2FA on CE Routers is depending on the
customer-needs, those who asked for it on the PE and P are usually
having it on their CEs too.
On OOB Devices it's a 2-step auth with encryption and

cisco-nsp mailing list  cisco-nsp at puck.nether.net
archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list