https://community.cisco.com/t5/network-access-control/ldap-and-ssh-console-access/m-p/4048613#M559005 <P>Hello everyone,</P><P>&nbsp;</P><P>I'm looking for example to configure LDAP authentication for SSH/Console connection on swithes for the admin group.</P><P>&nbsp;</P><P>I read some topics where some say it's not possible and other it's possible.</P><P>&nbsp;</P><P>I have the following set of devices:</P><P>&nbsp;</P><P>Cat 3750</P><P>Cat 3750X</P><P>Cat 9200/9300</P><P>&nbsp;</P><P>Is that possible for such devices? Can you give examples ?</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 19 Mar 2020 12:02:09 GMT hjacquemin 2020-03-19T12:02:09Z https://community.cisco.com/t5/network-access-control/ldap-and-ssh-console-access/m-p/4048613#M559005 <P>Hello everyone,</P><P>&nbsp;</P><P>I'm looking for example to configure LDAP authentication for SSH/Console connection on swithes for the admin group.</P><P>&nbsp;</P><P>I read some topics where some say it's not possible and other it's possible.</P><P>&nbsp;</P><P>I have the following set of devices:</P><P>&nbsp;</P><P>Cat 3750</P><P>Cat 3750X</P><P>Cat 9200/9300</P><P>&nbsp;</P><P>Is that possible for such devices? Can you give examples ?</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 19 Mar 2020 12:02:09 GMT https://community.cisco.com/t5/network-access-control/ldap-and-ssh-console-access/m-p/4048613#M559005 hjacquemin 2020-03-19T12:02:09Z https://community.cisco.com/t5/network-access-control/ldap-and-ssh-console-access/m-p/4048623#M559007 <P>Hi there,</P> <P>Take a look at freeRADIUS to handle the AAA requests:</P> <P>&nbsp;</P> <P><A href="https://wiki.freeradius.org/vendor/Cisco" target="_blank">https://wiki.freeradius.org/vendor/Cisco</A></P> <P>&nbsp;</P> <P>...then configure LDAP as the identity datastore to verify users against:</P> <P><A href="https://wiki.freeradius.org/modules/Rlm_ldap" target="_blank">https://wiki.freeradius.org/modules/Rlm_ldap</A></P> <P>&nbsp;</P> <P>cheers,</P> <P>Seb</P> Thu, 19 Mar 2020 12:32:05 GMT https://community.cisco.com/t5/network-access-control/ldap-and-ssh-console-access/m-p/4048623#M559007 Seb Rupik 2020-03-19T12:32:05Z https://community.cisco.com/t5/network-access-control/ldap-and-ssh-console-access/m-p/4048791#M559014 <P>Hi,</P><P>&nbsp;</P><P>&nbsp; Most Cisco switches, especially access/distribution level, never had support for LDAP, especially LDAP being used for login access to the router. Your best bet is to use TACACS+ or RADIUS, there are free versions for these, and you can integrate RADIUS/TACACS+ with LDAP. Using TACACS+ vs RADIUS for admin access, it's a matter of if you want command authorization and command accounting or not, as these two features are only supported via TACACS.</P><P>&nbsp;</P><P><A title="&nbsp;FREE RADIUS" href="https://freeradius.org" target="_self">&nbsp;FREE RADIUS</A>&nbsp;and <A title="FREE TACACS" href="https://tacacs.net" target="_self">FREE TACACS&nbsp;</A>that can integrate with LDAP.</P><P>&nbsp;</P><P>Regards,</P><P>Cristian Matei.</P> Thu, 19 Mar 2020 16:21:12 GMT https://community.cisco.com/t5/network-access-control/ldap-and-ssh-console-access/m-p/4048791#M559014 Cristian Matei 2020-03-19T16:21:12Z