Guide: Configuring Cisco devices to use Centrify Identity Platform as a back end RADIUS server

Showing results for 
Search instead for 
Do you mean 
Reply
Highlighted
Advisor II
Posts: 56
Registered: ‎12-18-2015
#1 of 2 2,682

Guide: Configuring Cisco devices to use Centrify Identity Platform as a back end RADIUS server

[ Edited ]

Didn't find the giude to configure particularly SSH access to Cisco devices. So here it is.

Testing env is simple:

test_env.JPG

 

According to the guide here configuring Centrify Identity Service:

1. Make a connector RADIUS Serer:

1.JPG

2. Configure authorized RADIUS clinets (Cisco network devices):

2.JPG

3. Configure Policy and Authentication profile (make sure is it set to 'active'):

3.JPG

 

4. Done!

 

Now go to Cisco device and configure it.

Official Cisco guide

Basic config:

#sh run
Building configuration...

!
aaa new-model
!
!
aaa authentication login default group radius local
aaa authentication dot1x default group radius
aaa authorization exec default group radius local
aaa authorization network default group radius
!
!
ip domain-name ht.local
!

interface FastEthernet0/16
 description radius test

 authentication event fail action authorize vlan 111
 authentication event server dead action authorize vlan 111
 authentication event no-response action authorize vlan 111
 authentication event server alive action reinitialize
 authentication port-control auto
 dot1x pae authenticator
 dot1x timeout quiet-period 5
 dot1x timeout tx-period 5
 dot1x timeout supp-timeout 5


ip radius source-interface Loopback0
!
radius-server host 192.168.50.11 auth-port 1812 acct-port 1813 timeout 3
radius-server key secret
!
!
end

Result:

Multifactor Authentication during SSH to Cisco switch:

cisco_ssh_mfa_cut.jpg

cisco_ssh_mfa_sh_users.JPG

 

As an option Push notification to Centrify enrolled mobile device:

S70905-160922.jpg

Master V
Posts: 409
Registered: ‎01-05-2015
#2 of 2 2,421

Re: Guide: Configuring Cisco devices to use Centrify Identity Platform as a back end RADIUS server

Great post @RomanSilin72495! Thank you for sharing this information with the community!

AntonC
Community Manager


Community FAQ | Documentation | Support Portal | Centrify Trust | @CentrifySupport on Twitter
Follow Centrify:
Giving Kudos is a great way to thank our community contributors!
Problem Solved? Click "Accepted as Solution" so this information can help other users.

These opinions are my own and do not necessarily reflect the views and opinions of my employer.