Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
480
Views
2
Helpful
3
Replies

Ldap para administracion de Switches catalyst 3850 o 9300

Go to solution
yabelcn
Level 1
Level 1

‎10-27-2023 12:05 PM

Buen día, he leído varios foros en donde dicen que prácticamente es imposible configurar un servidor Ldap y usarlo para acceso a los switches como metodo de administracion, aunque las fechas son de hace varios años ya, entonces me gustaria saber si alguien tiene informacion fresca respecto a este tema, o si a la actualidad aun no se puede utilizar ese protocolo como metodo de autenticacion a los switches .

 

 

 

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎10-29-2023 02:17 PM

Cisco switches, like most other vendors, cannot interact directly with an LDAP server for authentication of device administrators. The switch would need to be configured for authentication/authorization against a TACACS+/RADIUS AAA server (like Cisco ISE) which would use the LDAP/AD server as an external identity store to authenticate and authorize the admin users. This has been common practice for over a decade and is unlikely to change.

For ISE, you can find more information and examples in the Cisco ISE Device Administration Prescriptive Deployment Guide 

View solution in original post

Go to solution
thomas
Cisco Employee
Cisco Employee

‎10-30-2023 12:37 PM

We also have many guides about ISE LDAP support @ https://cs.co/ise-guides#LDAP

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎10-29-2023 02:01 PM

-- From Google Translate --

"Good morning, I have read several forums where they say that it is practically impossible to configure an Ldap server and use it to access the switches as a management method, although the dates are from several years ago, so I would like to know if anyone has fresh information regarding to this topic, or if at present this protocol still cannot be used as an authentication method for switches."

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎10-29-2023 02:17 PM

Cisco switches, like most other vendors, cannot interact directly with an LDAP server for authentication of device administrators. The switch would need to be configured for authentication/authorization against a TACACS+/RADIUS AAA server (like Cisco ISE) which would use the LDAP/AD server as an external identity store to authenticate and authorize the admin users. This has been common practice for over a decade and is unlikely to change.

For ISE, you can find more information and examples in the Cisco ISE Device Administration Prescriptive Deployment Guide 

Go to solution
thomas
Cisco Employee
Cisco Employee

‎10-30-2023 12:37 PM

We also have many guides about ISE LDAP support @ https://cs.co/ise-guides#LDAP

0 Helpful
Customers Also Viewed These Support Documents