I would like to know if it's possible and supported to have authentication to a router using double authentication using a token (PIN Code + Password). The attached document doesn't describe this well enough.
I am being told that RSA supports only the VPN access.
It is possible to authenticate user access on a Cisco IOS router using RSA tokens to authenticate. I have done this numerous times and it works. But the IOS router does not communicate directly with the RSA authentication server (it does not use the RSA mode natively). The IOS router would communicate with a Radius server (using the Radius set of protocols) and the Radius server would pass the authentication request to RSA for processing.
Some Cisco VPN devices (the C3000 series VPN concentrator and the ASA5500 series) do have the ability to communicate directly with RSA (in native mode). But the Cisco IOS router does not do this. It might be helpful to realize that, in configuring authentication on the Cisco IOS router, the alternatives supported are TACACS, Radius, and local resources.
So if your objective is to authenticate users on Cisco IOS routers using RSA tokens then it does work (and could be for remote access like telnet and SSH or could be for VPN remote access). But if your objective is to have the router communicate directly with RSA for authentication then it does not work.
Cisco's TACACS+/RADIUS server is the Cisco Secure Access Control Server (ACS) product. It is available as an appliance or as a software product. Version 4.2 is the latest version. Here is a link to the User Guide:
As mentioned earlier, integration with an RSA SecurID token-based authentication method is via the TACACS+/RADIUS server as the authentication broker. Your routers and switches are set for external authentication to the ACS server. The ACS server, in turn, looks to the RSA server for one-time password verification. See the deployment guide at:
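The router side of the arrangement described in the replies above, as an added example that is not part of the original thread: an IOS AAA configuration that sends vty logins to a RADIUS server, which is assumed to relay the PIN + tokencode to RSA. The server name, group name, method-list name, the 192.0.2.10 address, ports, timeout and both secrets are placeholders, and SSH is assumed to be enabled on the router already.

```cisco
! Constructed example: every name, address and secret below is a placeholder.
aaa new-model
!
! Local account, used only when the RADIUS server does not answer.
! A reject from the server is final and does not fall through to "local".
username fallback-admin privilege 15 secret <LOCAL-FALLBACK-SECRET>
!
! The RADIUS server (for example ACS) that brokers the request to RSA.
! Ports and shared secret must match the client entry defined on that server.
radius server ACS-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <RADIUS-SHARED-SECRET>
 ! Allow time for the RADIUS server to query RSA before the router retries.
 timeout 10
!
aaa group server radius RSA-VIA-ACS
 server name ACS-1
!
! Named method list: try the RADIUS group first, then the local database.
aaa authentication login VTY-LOGIN group RSA-VIA-ACS local
!
line vty 0 4
 login authentication VTY-LOGIN
 ! Tokencodes are one-time, but keep the session itself off cleartext telnet.
 transport input ssh
```

The router sees only a RADIUS accept or reject; whether the password field is checked against RSA is decided by the external user database configured on the RADIUS server.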