
LDAP and SSH/Console access

hjacquemin
Level 1

Hello everyone,

 

I'm looking for an example to configure LDAP authentication for SSH/Console connections on switches for the admin group.

 

I read some topics where some say it's not possible and others say it's possible.

 

I have the following set of devices:

 

Cat 3750

Cat 3750X

Cat 9200/9300

 

Is that possible for such devices? Can you give examples?

 

Regards

 

 

Accepted Solutions

Hi,

 

  Most Cisco switches, especially access/distribution level, never had support for LDAP, especially LDAP being used for login access to the router. Your best bet is to use TACACS+ or RADIUS, there are free versions for these, and you can integrate RADIUS/TACACS+ with LDAP. Using TACACS+ vs RADIUS for admin access, it's a matter of if you want command authorization and command accounting or not, as these two features are only supported via TACACS.

 

 FREE RADIUS and FREE TACACS that can integrate with LDAP.

 

Regards,

Cristian Matei.


2 Replies

Seb Rupik
VIP Alumni

Hi there,

Take a look at freeRADIUS to handle the AAA requests:

 

https://wiki.freeradius.org/vendor/Cisco

 

...then configure LDAP as the identity datastore to verify users against:

https://wiki.freeradius.org/modules/Rlm_ldap

 

cheers,

Seb
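
The switch side of the setup described in the replies above, as an added example that is not part of the original thread: the switch authenticates SSH and console logins against a RADIUS server (for instance freeRADIUS with LDAP as its identity store), with a local account as fallback. The server address (192.0.2.10), the names FREERADIUS-1, ADMIN-RADIUS and breakglass, and the secrets are placeholders chosen for illustration; older IOS releases on the 3750 may only accept the legacy `radius-server host ... key ...` form instead of the named `radius server` block.

```cisco
! Added example; every name, address and secret below is a placeholder.
aaa new-model
!
! Local break-glass account. It is consulted only when no RADIUS server
! answers; an explicit Access-Reject does NOT fall through to it.
username breakglass privilege 15 secret <LOCAL-FALLBACK-SECRET>
!
! RADIUS server definition (named syntax used on IOS 15.x / IOS XE)
radius server FREERADIUS-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <SHARED-SECRET>
!
aaa group server radius ADMIN-RADIUS
 server name FREERADIUS-1
!
! Authentication: RADIUS first, local users only if the server is unreachable
aaa authentication login default group ADMIN-RADIUS local
!
! Exec authorization: privilege level comes from the RADIUS reply
aaa authorization exec default group ADMIN-RADIUS local if-authenticated
!
! Exec authorization is not applied to the console unless enabled explicitly
aaa authorization console
!
! Record session start/stop on the RADIUS server
aaa accounting exec default start-stop group ADMIN-RADIUS
!
line con 0
 login authentication default
!
line vty 0 15
 login authentication default
 transport input ssh
```

Membership in the LDAP admin group is evaluated on the RADIUS server, which then returns the privilege level in its Access-Accept (commonly as `Cisco-AVPair = "shell:priv-lvl=15"`); the switch never talks to LDAP itself. Test from a second session before closing the one you configured from, so a mistake in the method list does not lock you out.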
