We have around 100 Cisco routers in our organisation. All of them use IOS 12.2 or higher.
We also have around 20 users in total that have various duties and responsibilities
- I wish to set up a solution where all routers will authenticate a login request (over telnet or dialup) to a central server and grant or deny the request according to the server's database.
- I wish to make sure that each user's password expires after a while and it is a complex password.
- I would also prefer a 2 factor authentication method WITHOUT a hardware token.
- I would also prefer not to use Cisco ACS server since it's too expensive.
I will be waiting for your suggestions.