Posted on August 8, 2019 7:45 pm
 |  Asked by Mohammed Ali
 |  240 views
RESOLVED
0
0
Print Friendly, PDF & Email

Hello

Customer is trying to implement DUO-MFA with ARISTA switches( managed by CVP (2018.2.4)) and running into an issue.

Issue: CVP prompts for MFA while viewing the switch config(designed/running) through CVP.Only push notifications seem to come through and not soft/hard tokens.Any ideas or document to refer to for this integration ?

Thanks
M.Ali

0
Posted by Tamas Plugor
Answered on August 8, 2019 9:55 pm

Hi Mohammed,

For MFA you’ll need to have 2018.2.3 or newer and TerminAttr 1.5.0 or newer and enable advanced provisioning, please refer to: https://eos.arista.com/toi/cvp-2018-2-3/#one-time-passwords

Did you enable that in the Settings?

Thanks,
Tamas

0
Posted by Armando Reyes
Answered on August 15, 2019 6:39 pm

Hello, May ask if this solution works to access the switches using SSH? I’m trying to use MFA with Azure and Radius but having issues with the challenge message and just wanted to confirm if somebody has this working.

Thanks!

Not sure about MFA with Azure, but freeradius or tacacacsplus + google authenticator works fine with EOS. When you ssh to the switch, it should ask you for the password & verification code which you’ll need to input as one string. For example if your password is ‘arista’ and your verification code is ‘996783’ you’ll need to put ‘arista996783’.

What sort of issue do you see with the challenge message?

(Tamas Plugor at August 16, 2019 5:21 pm)
0
Posted by Mohammed Ali
Answered on August 17, 2019 9:30 am

Hello

Customer is yet to confirm about testing.I will update ASAP.

Thanks
MA

1
Posted by Mohammed Ali
Answered on September 23, 2019 2:33 pm

Hi Tamas

Customer has confirmed that DUO-MFA works by enabling Advanced Login option in CVP Settings.

Thanks
MA

Post your Answer

You must be logged in to post an answer.