Restrictions

This section describes the restrictions associated with this feature.

AAA server protection is provided only for SSH/CLI/web/Telnet/Console Access Protection.
FQDN (Fully Qualified Domain Names) is not supported to identify endpoints. This is because, the user configures the IP address for the AAA servers in the switch.
XAUTH ( 2-factor authentication ) is not supported.
Domain of Interpretation is not supported other than for IPsec.
NAT Traversal is not supported.
Custom IKE messages and vendor ID for the messages are not supported.
IKE fragmentation is not supported.
IKE and IPsec are not supported on the Segmented Management Instance interfaces, or with management applications such as RADIUS and TACACS+. You can configure RADIUS security with RADsec on supported devices.
Note
Exception: VSP 8600 Series supports IKE on Segmented Management Instance and RADIUS with IPsec as a DEMO FEATURE.