Cisco Support Community

kj
New Member

Cisco Leap with RSA SecurID (eap-securid) authentication???

Hi,

I'm wondering if I could somehow authenticate wireless users with SecurID OTP? Is there any way of proxying the authentication to the SecurID server?

Has anyone heard of the Internet draft for eap-securid?

http://www.globecom.net/ietf/draft/draft-josefsson-eap-securid-01.html

4 REPLIES
New Member

Re: Cisco Leap with RSA SecurID (eap-securid) authentication???

SecurID will nullify the great feature of LEAP: Dynamic Session Key rotation. The key rotation is generated as the client renews the authentication in a given duration using the stored password. The SecurID password is dynamic, consisting of a static PIN plus a random token string.

I tried integrating ACS RADIUS and ACE using a non-changing session key, but the RADIUS kept giving out a DLL error.

Audie

New Member

Re: Cisco Leap with RSA SecurID (eap-securid) authentication???

I believe PEAP is supposed to fix this. We got it to work in the lab (LEAP), but were prompted for the SecurID credentials at each key rotation. Not optimal.

-brkn!

New Member

Re: Cisco Leap with RSA SecurID (eap-securid) authentication???

PEAP and ACS 3.1 when used with the aironet-session timeout work perfectly for this.

New Member

Re: Cisco Leap with RSA SecurID (eap-securid) authentication???

LEAP and the SecurID is what we were originally asked to provide, but we found that rather than the ACS (3.0) sending true RADIUS authentication requests, it was instead using a version of MS-CHAP which the ACE would throw out and return a DLL error. As already mentioned, PEAP with ACS 3.1 does support the use of SecurID OTP.
