Hi Dominik Your solution sounds like what I'm looking for. Are you using RADIUS or TACACS as your AAA?
With regard to the cli that you will see from the router, do you just enter username and passwd+PIN In answer to Ben's question, this is also for compliance reasons as well Regards Mark ----- Original Message ---- From: Dominik Bay <d....@rrbone-bb.net> To: cisco-nsp@puck.nether.net Sent: Thu, August 26, 2010 6:28:22 AM Subject: Re: [c-nsp] Router 2 factor authentication On Thu, 26 Aug 2010 10:42:28 +1000 Ben Steele <b...@bensteele.org> wrote: > Out of curiosity can you tell me what led you to wanting 2FA for these > devices, and how the traditional acl/tacacs method failed your > requirements? We are using RSA SecurID on P and PE Routers to secure the core network and fullfil customer demands. 2FA on CE Routers is depending on the customer-needs, those who asked for it on the PE and P are usually having it on their CEs too. On OOB Devices it's a 2-step auth with encryption and callback. Regards, Dominik _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/