Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Cisco Secure ACS 4.2 for Windows - 2 Factor Authentication (2FA)


Does anyone have any ides on how to do 2 factor authentication in Cisco Secure ACS 4.2?


Cisco Employee

Re: Cisco Secure ACS 4.2 for Windows - 2 Factor Authentication (

Hi Stephanie:

Could you please elaborate on this? what exactly you mean by two-factor authentication? which product are we actually using (Firewall, Wireless) and what kind of protocols (radius/tacacs/ldap)? You can implement the two factor authentication through ACS server using RSASecureID.

The two factor authentication I am aware of is;

PIN : Something you know
TOKEN: Something you have

Contributing to two-factor authentication.

Example; In the password filed we provide PIN+TOKEN.

PIN: 1234
TOKEN: 5678

PASSCODE: 12345678

The above example in regards to VPN authentication.

Here is one of the doc that talks about the Cisco VPN solution and two factor authentication.



Plz rate helpful posts-

~Jatin Katyal
Community Member

Re: Cisco Secure ACS 4.2 for Windows - 2 Factor Authentication (


Currently we're using TACACS+ for authentication.  We

Here's a description of the requirement for 2 factor authentication:

Id - NET0431



AAA network security services provide the primary framework through which a network administrator can set up access control on

network points of entry or network access servers, which is usually the function of a router or access server. Authentication identifies a

user; authorization determines what that user can do; and accounting monitors the network usage. Without AAA, unauthorized users

may gain access and possibly control of the routers. If the router network is compromised, large portions of the network could be

incapacitated with only a few commands.

Default Finding


AAA server does not redirect/call to a two-factor authentication server.

NET Authentication Access

Procedure: The implementation varies and a thorough review is necessary. Have the SA review and discuss their

implementation. A typical AAA process includes the network system redirecting user access requests either directly to an

ACE/Server or to a CiscoSecure ACS (TACACS+) server which redirects the 'authentication' request to the ACE/Server for

strong authentication via user tokens (keyfobs). During the review have the SA point out the calls from the TACACS+ or Radius

servers to the authentication server performing the two-factor requirement

From my understanding ACS can meet this requirement, I just need some ideas or case studies to see how it how implemented.


CreatePlease to create content