Can someone tell me what is possible with Cisco SecureACS v4.2 and use of a SmartCard as far as logging in to a Cisco router/switch via SSH?
In our environment we log into our workstations with a CAC/SmartCard and do not have any form of username or password, just a PIN for the CAC. I know SecureACS can talk to AD, but what would happen if that was set up in this situation? I would open PuTTY and log into the device and it would still ask for a login/password, correct? Is there a 2-factor authentication solution that doesn't rely on RSA SecurID tokens?
Yes, ACS can talk to AD and authenticate users on the basis of user credentials defined in AD (external database) for wireless/VPN/administrative sessions. As far as I know, there is no way to use a CAC (smart card) to authenticate and authorize a user to the router/switch CLI (SSH/Telnet/console).
CSACS + SecurID meets the letter of the law for two-factor authentication, so the only solution we can rely on here is RSA SecurID (which is supported by ACS).
ACS integration with RSA SecurID
You may refer to the document listed below:
Understanding and Implementing Smart Card
Please rate helpful posts.