hjacquemin
Beginner

LDAP and SSH/Console access

Hello everyone,

I'm looking for an example to configure LDAP authentication for SSH/Console connection on switches for the admin group.

I read some topics where some say it's not possible and others say it's possible.

I have the following set of devices:

Cat 3750

Cat 3750X

Cat 9200/9300

Is that possible for such devices? Can you give examples?

Regards


Accepted Solutions

Hi,

Most Cisco switches, especially access/distribution level, never had support for LDAP, especially LDAP being used for login access to the router. Your best bet is to use TACACS+ or RADIUS, there are free versions for these, and you can integrate RADIUS/TACACS+ with LDAP. Using TACACS+ vs RADIUS for admin access, it's a matter of if you want command authorization and command accounting or not, as these two features are only supported via TACACS.

FREE RADIUS and FREE TACACS that can integrate with LDAP.

Regards,

Cristian Matei.

2 Replies
Seb Rupik
VIP Advisor

Hi there,

Take a look at freeRADIUS to handle the AAA requests:

https://wiki.freeradius.org/vendor/Cisco

...then configure LDAP as the identity datastore to verify users against:

https://wiki.freeradius.org/modules/Rlm_ldap

cheers,

Seb
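
An added example, not posted by any participant in this thread: an IOS / IOS XE AAA configuration for the RADIUS approach the replies describe, with SSH and console logins sent to a RADIUS server and a local account kept as fallback. Assumptions: the address 192.0.2.10, the names FREERADIUS-1, RAD-ADMIN, ADMIN-LOGIN, ADMIN-EXEC and breakglass, and the bracketed secrets are placeholders; the RADIUS server is assumed to verify users against LDAP and to return Cisco-AVPair "shell:priv-lvl=15" for members of the admin group; images that predate the `radius server` block use the legacy `radius-server host` command instead.

```cisco
! Constructed example. Address, names and secrets are placeholders.
aaa new-model
!
! Local break-glass account. With the method lists below it is consulted
! only when the RADIUS server does not answer, not when RADIUS rejects a user.
username breakglass privilege 15 secret <LOCAL-FALLBACK-SECRET>
!
radius server FREERADIUS-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <SHARED-SECRET>
!
aaa group server radius RAD-ADMIN
 server name FREERADIUS-1
!
! Authentication: RADIUS first, local database if the server is unreachable.
aaa authentication login ADMIN-LOGIN group RAD-ADMIN local
! Exec authorization: take the privilege level from the RADIUS reply
! (the shell:priv-lvl value), or from the local account on fallback.
aaa authorization exec ADMIN-EXEC group RAD-ADMIN local
! Exec authorization is not applied to the console unless this is set.
aaa authorization console
!
ip ssh version 2
!
line vty 0 15
 login authentication ADMIN-LOGIN
 authorization exec ADMIN-EXEC
 transport input ssh
!
line con 0
 login authentication ADMIN-LOGIN
 authorization exec ADMIN-EXEC
```

Keep an existing privileged session open while applying this, and confirm both a RADIUS login and the local fallback from a second session before closing it.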
