This is a step-by-step description of how to configure Cisco CSR 1000v router for AAA authentication with LastPass Universal Proxy, in order to set LastPass MFA as a secondary authentication method.
- Log in to the Cisco IOS XE software.
- Configure users to be authenticated using the RADIUS server. If the RADIUS server does not respond, then the router's local database is used.
- Configure the RADIUS server:
Router(config)#radius server UniversalProxy
Router(config)#address ipv4 <IP address of Universal Proxy> auth-port 1812 acct-port 1813
Router(config)#timeout 61
Router(config)#key <secret that is set for Universal Proxy and RADIUS server>
- Set the authentication flow for the login:
Router(config)#aaa authentication login default group radius local
- Configure the used authentication methods for privileged mode:
Router(config)#aaa authentication enable default none
