product icon

Cisco CSR 1000v router configuration for AAA authentication with LastPass Universal Proxy

    This is a step-by-step description of how to configure Cisco CSR 1000v router for AAA authentication with LastPass Universal Proxy, in order to set LastPass MFA as a secondary authentication method.

    1. Log in to the Cisco IOS XE software.
    2. Configure users to be authenticated using the RADIUS server. If the RADIUS server does not respond, then the router's local database is used.
    3. Configure the RADIUS server:
      Router(config)#radius server UniversalProxy
      Router(config)#address ipv4 <IP address of Universal Proxy> auth-port 1812 acct-port 1813
      Router(config)#timeout 61
      Router(config)#key <secret that is set for Universal Proxy and RADIUS server>
    4. Set the authentication flow for the login:
      Router(config)#aaa authentication login default group radius local
    5. Configure the used authentication methods for privileged mode:
      Router(config)#aaa authentication enable default none