Authentication on an IDSM-2?

beitzell · ‎12-28-2005

I have a requirement to have Authentication on our network devices using RSA Secure tokens or restrict it's mgmt interface from the network.

So far I am using AAA through the ACS to accomplish this but I can find nothing about AAA for the IDSM-2.

Does AAA exist for the IDSM-2 or does anyone have another suggestion for said devices?

Thanks!

(Current HW setup. Will be upgrading to 720's soon but my security deadline is looming sooner.)

Mod Slot Ports Module-Type Model Sub Status

--- ---- ----- ------------------------- ------------------- --- --------

1 1 2 1000BaseX Supervisor WS-X6K-SUP2-2GE yes ok

15 1 1 Multilayer Switch Feature WS-F6K-MSFC2 no ok

2 2 16 1000BaseX Ethernet WS-X6516-GBIC no ok

3 3 16 10/100/1000BaseT Ethernet WS-X6516-GE-TX no ok

4 4 16 10/100/1000BaseT Ethernet WS-X6516-GE-TX no ok

13 13 8 Intrusion Detection Mod WS-SVC-IDSM-2 yes ok

thomas.chen · ‎01-03-2006

Cisco Traffic Anomaly Detector Module:

Authentication, Authorization, and Accounting (AAA) Support

Integrates with AAA through TACACS+

Privilege-level and command-level authorization and accounting

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_data_sheet0900aecd80220a6e.html

bcarroll · ‎01-03-2006

The IDSM-2 does not do AAA authentication. THe accounts are stored locally, with a certain role. In order to do AAA authenticaiton you would have to authenticate to the switch, authenticate with AAA, then session into the IDSM-2 and authenticate with the local username and password.