Outlines authentication frameworks, including methods for configuring Authentication, Authorization, and Accounting, integration of RADIUS, SSH, IEEE 802.1X, and Duo Multi-factor authentication, and procedures to ensure secure network access, compliance, and posture assessment.
| Feature Name |
Release Information |
Description |
|---|---|---|
| Duo Multifactor Authentication Support | Cisco Catalyst SD-WAN Manager Release 20.12.1 |
This feature lets you configure Cisco SD-WAN Manager to require Duo multifactor authentication (MFA) to verify the identity of users before they can log in to Cisco SD-WAN ManagerCisco SD-WAN Manager. |
| Secure Shell Authentication Using RSA Keys | Cisco IOS XE Catalyst SD-WAN Release 16.12.1b |
This feature helps configure RSA keys by securing communication between a client and a Cisco Catalyst SD-WAN server. |
| Authorization and Accounting |
Cisco IOS XE Catalyst SD-WAN Release 17.5.1a Cisco vManage Release 20.5.1 |
This feature allows you to configure authorization, which verifies and permits the commands a user enters on a device before execution, and accounting, which generates a record of the commands a user executes on the device |
| Posture Assessment Support |
Cisco IOS XE Catalyst SD-WAN Release 17.3.1a Cisco vManage Release 20.3.1 |
This feature enables you to utilize Posture Assessment capabilites to validate the compliance of endpoints according to security policies of your enterprise. Identity Services Engine (ISE) Posture functions are integrated into Cisco 1100 Integrated Services Routers. This feature can only be configured using the Add-On feature template in Cisco SD-WAN Manager. |
Authentication
Introduces authentication concepts, describes authentication order and fallback mechanisms, and guides users through configuring authentication order for robust and resilient network login procedures.
Authentication order
Outlines how authentication order determines the sequence of authentication methods for SSH or console access, describes the default method order (local, radius, tacacs), and provides instructions for customizing the order using the auth-order command for admin users.
Authentication fallback mechanism
Outlines the authentication fallback mechanism, detailing how authentication order impacts fallback to secondary methods and describing user group assignment based on remote and local authentication outcomes.
Configure authentication order
Duo Multi-factor authentication
Explains Duo Multi-factor authentication principles and provides instructions for configuring multi-factor authentication to enhance security for user login processes.
RADIUS authentication
Details RADIUS authentication workflows, covering conceptual overviews and step-by-step procedures for configuring RADIUS authentication using CLI commands to ensure secure access control.
SSH authentication
Describes SSH authentication, highlights related restrictions, outlines supported configuration methods using CLI commands, and instructs on configuring SSH authentication with templates for secure device access.
IEEE 802.1X authentication
Outlines IEEE 802.1X authentication, including requirements, restrictions, open authentication approaches, and comprehensive configuration methods using SD-WAN Manager, CLI commands, switch port templates, and configuration groups.
Authentication, Authorization, and Accounting
Explains Authentication, Authorization, and Accounting functionality, from configuration restrictions to AAA setup using configuration groups, and details methods for template-based AAA configuration, including RADIUS, TACACS+, authorization, and accounting.
Posture assessment support
Details posture assessment support, covering key concepts, applicable restrictions, and procedures for configuring posture assessment via templates to maintain network compliance and device integrity.