This section describes the limitations associated with secure AAA server communication feature.
AAA server protection is provided only for SSH/CLI/web/Telnet/Console Access Protection.
FQDN (Fully Qualified Domain Names) is not supported to identify endpoints. This is because, the user configures the IP address for the AAA servers in the switch.
XAUTH ( 2-factor authentication ) is not supported.
Domain of Interpretation is not supported other than for IPsec.
NAT Traversal is not supported.
Custom IKE messages and vendor ID for the messages are not supported.
IKE fragmentation is not supported.
Note
Exception: VSP 8600 Series supports IKE on Segmented Management Instance and RADIUS with IPsec as a DEMO FEATURE.