0

Our organization was recently required to use MFA for logging into our networking hardware. We're accomplishing this by using Royal Server and Royal TS, and limiting the source IP for SSH and web GUIs to just the IP address of the Royal Server. HP makes this easy using something called "IP Authorization". However, on our Cisco Catalyst 2960s, I can't find the option to do this.

The closest article I could find was here: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst_pon/software/configuration_guide/mng_usrs/b-gpon-config-managing-users/configuring_ip_limit.html

However, pretty much none of the commands specified in that article exist when running them. Firmware is the latest version available. There doesn't seem to be a way to do this in the web GUI either. Any thoughts?

emike09

1 Answer

0

Using Two-Factor Authentication Configuration to Combat Cybersecurity Threats

Product Family:

Cisco Catalyst® 2000, 3000, and 4000 Series Switches

Cisco IOS Software Release:

Cisco IOS 15.2(4)E1 or later

Cybersecurity threats continue to evolve, compromising sensitive and confidential information across the network. To combat this threat, enterprises are taking mitigating actions to strengthen device access across their critical IT infrastructure.

Two-factor authentication can significantly reduce the risk of adversaries penetrating strategic networks and systems. This approach requires the use of a Personal Identity Verification (PIV) card or Common Access Card (CAC). In this document, we will detail the basic procedures required to enable two-factor authentication for the Secure Shell Protocol (SSH) using government-issued PIV or CAC cards.

Original source

Arden Smith