Advisor II
Posts: 56
Registered: ‎12-18-2015
Guide: Configuring Cisco devices to use Centrify Identity Platform as a back end RADIUS server
[ Edited ]

Didn't find the giude to configure particularly SSH access to Cisco devices. So here it is.

Testing env is simple:



According to the guide here configuring Centrify Identity Service:

1. Make a connector RADIUS Serer:


2. Configure authorized RADIUS clinets (Cisco network devices):


3. Configure Policy and Authentication profile (make sure is it set to 'active'):



4. Done!


Now go to Cisco device and configure it.

Official Cisco guide

Basic config:

#sh run
Building configuration...

aaa new-model
aaa authentication login default group radius local
aaa authentication dot1x default group radius
aaa authorization exec default group radius local
aaa authorization network default group radius
ip domain-name ht.local

interface FastEthernet0/16
 description radius test

 authentication event fail action authorize vlan 111
 authentication event server dead action authorize vlan 111
 authentication event no-response action authorize vlan 111
 authentication event server alive action reinitialize
 authentication port-control auto
 dot1x pae authenticator
 dot1x timeout quiet-period 5
 dot1x timeout tx-period 5
 dot1x timeout supp-timeout 5

ip radius source-interface Loopback0
radius-server host auth-port 1812 acct-port 1813 timeout 3
radius-server key secret


Multifactor Authentication during SSH to Cisco switch:




As an option Push notification to Centrify enrolled mobile device:


Who Me Too'd this topic