cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2333
Views
1
Helpful
8
Replies

MFA for switches and routers

manvik
Level 3
Level 3

Has anyone done MFA for Network switches and routers without DUO push. Usually routers and switches does not have option to enter SMS passcodes received.

8 Replies 8

CK3510
Level 1
Level 1

I have not done this yet, but could you use the password,duocode from your DUO app? I would think this would work with the Duo Proxy set up as your radius server.

thank you, that requires a smart phone. user has simple phone, not android or iphone.

Hi @duorunner1 ,

If you integrate your network device(s) with Duo via RADIUS, you might be able to do this via Append Mode (concatenation): Duo Two-Factor Authentication with RADIUS and Primary Authentication | Duo Security.

Please note that Append Mode (which is required if you wish to specify SMS as an authn method) cannot be used if your RADIUS server is configured with MS-CHAPv2 or EAP-MSCHAPv2 as described here: https://help.duo.com/s/article/2084?language=en_US. Otherwise, the Auto Mode method is performed, which uses either Duo Push or Phone Call as the authn method.

Hope this helps!

Hello,

Could you advise how to use Duo MFA with switches that use local users while using ssh access?
not using radius or ldap

if you are using DUO MFA with switch, your radius server will be DUO. For the switch the authentication or radius server is set as DUO, only then auth requests goes to Duo.

So we need to add a [radius_client] section to auth proxy file, and configure the details for it (Host= the IP of the SW) ??
And a configuration on the switch for a radius: ##radius-server host (IP of the auth proxy) auth-port 1812 key xxxxx

yes, that’s correct.

manvik
Level 3
Level 3

Duo call back could be an option.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links