07-15-2019 09:34 PM
Hello,
I'm using a Cisco switch 3650, Denali 16.3.x.
I would like to authenticate users with LDAP and then the local database to access the switch.
Can the switch do it?
How do I configure it to achieve this?
Best regards
07-16-2019 05:06 AM
LDAP cannot be a RADIUS server. To authenticate against LDAP/AD users, you need to use RADIUS to achieve this; this can be FreeRADIUS, ACS or ISE.
07-15-2019 11:45 PM
Hi there,
You cannot authenticate directly against an LDAP datastore; it must be done via RADIUS. This service will typically be run on the same server. Take a look at FreeRADIUS.
As for the config, it will look like:
!
aaa new-model
!
aaa authentication login default group radius local
!
radius server R_SRV01
 address ipv4 192.168.1.1 auth-port 1812 acct-port 1813
 key some_secret_key
!
It is worth noting that the AAA method in the switch will only fall back to the local database if the RADIUS servers are unreachable.
If you want a fallback method, then it will need to be implemented on the RADIUS server.
cheers,
Seb.
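
The fallback behaviour described in the answer above, as an added example that is not part of the original posts: a small Python model of how the switch walks the `group radius local` method list. The outcome names, the `radius_reply` callable and the sample users are assumptions made for illustration.

```python
# Added illustration: models how an IOS login method list is walked.
# Outcome names and sample credentials are constructed for this example.
import re

ACCEPT, REJECT, TIMEOUT = "ACCEPT", "REJECT", "TIMEOUT"

def parse_method_list(line):
    """Return (list_name, ordered methods) from an 'aaa authentication login' line."""
    m = re.match(r"\s*aaa authentication login (\S+) (.+)$", line)
    if not m:
        raise ValueError("not an 'aaa authentication login' line")
    tokens, methods, i = m.group(2).split(), [], 0
    while i < len(tokens):
        if tokens[i] == "group":
            # 'group radius' is one method made of two tokens
            if i + 1 >= len(tokens):
                raise ValueError("'group' without a server group name")
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return m.group(1), methods

def authenticate(methods, user, password, radius_reply, local_users):
    """Walk the list; only an unanswered method lets the next one run.

    radius_reply(user, password) simulates the server and returns ACCEPT,
    REJECT, or TIMEOUT (server unreachable). Returns (allowed, deciding_method).
    """
    for method in methods:
        if method == "group radius":
            result = radius_reply(user, password)
            if result == TIMEOUT:
                continue  # no response: move on to the next method
            return result == ACCEPT, method  # a reject is final
        if method == "local":
            return local_users.get(user) == password, method
    return False, None
```

A reject from a reachable RADIUS server ends the attempt even when the same credentials exist in the local database, which is why any LDAP-then-other-source logic has to live on the RADIUS server.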