Cisco Systems Partner Authentication Agent Configuration, Cisco IOS Routers, Before You Begin

Partner Authentication Agent Configuration

Before You Begin

This section provides instructions for integrating the partners’ product with RSA SecurID Authentication. This document is not intended to suggest optimum installations or configurations.

It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components.

All vendor products/components must be installed and working prior to the integration. Perform the necessary tests to confirm that this is true before proceeding.

Cisco configuration:

Log onto the Cisco remote access server and enter enable mode, by typing the word “enable” and giving the enable password. Then enter configuration mode by typing “config t”. You are now able to enter the commands below to turn on authentication. To turn off one of the commands put the word “no” in front of the command line and you will turn off that line.

Note: For remote access use the Cisco IOS Routers configuration section.. For VPN access use the Cisco IOS VPN Router section.

Cisco IOS Routers

Note: CHAP authentication is not supported when using RSA SecurID authentication.

Tacacs+ commands

aaa new-model

aaaauthentication login default tacacs+ line enable aaa authentication ppp default tacacs+ tacacs-server host xxx.xxx.xxx.xxx

tacacs-server timeout 120 tacacs-server key “your key”

RADIUS commands

aaa new-model

aaaauthentication login default radius line enable aaa authentication ppp default radius

radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646 key “your key” radius-server timeout 120

5