09-24-2009 05:32 PM - edited 03-10-2019 04:42 PM
After the implementation of ACS, all the network switch authentication is under ACS with local as backup. Is there any solution to separate the authentication methods (Local & TACACS+) of SSH access to the switch (line vty 0 3 = TACACS+, line vty 4 = Local)? Same as router SSH reverse telnet, but "ip ssh port" is not supported on the switch.
09-25-2009 05:57 AM
You can configure lines 0-3 for TACACS
line vty 0 3
 login authentication TACACSMethod
and vty line 4 for local
line vty 4
 login authentication local
09-25-2009 08:00 AM
Hi,
!--- This can be possible by configuring
!--- method list on the device.
tacacs-server host
aaa authentication login list group tacacs+ local
line vty 0 3
 login authentication list
line vty 4
 login authentication local
List=name of the method list.
HTH
Regards,
JK
09-27-2009 05:27 PM
Hi,
I've tried this before, but the SSH connection should go through one by one: line vty 0 -> 1 -> 2 -> 3 -> 4. If no one has made an SSH connection before, the connection should be on line vty 0. How to make the SSH connection to a specific line vty for a particular authentication method? As mentioned before, the router can provide the solution to associate the line vty to rotary with different SSH listening ports. Is there a similar solution or other approach for the switch to provide the same kind of service?
Thanks.
TL
09-28-2009 05:36 AM
AFAIK there is no way to do it.
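Added example (not code from any poster in this thread): a small Python audit that maps each vty line in an IOS config to its login method list, then flags lists that are referenced but never defined and vty lines that do not all share one list. The sample config is constructed from the snippets above; the function name audit_vty and the assumption that sub-commands are indented, as in a saved running-config, are mine.

```python
import re

# Constructed sample modeled on the thread's snippets (TACACS+ server line omitted).
SAMPLE = """\
aaa new-model
aaa authentication login list group tacacs+ local
line vty 0 3
 login authentication list
line vty 4
 login authentication local
"""

def audit_vty(config):
    """Return ({vty number: methods or None}, [findings]) for an IOS config."""
    lists, lines, current = {}, {}, None
    for raw in config.splitlines():
        text = raw.strip()
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:
            lists[m.group(1)] = m.group(2).split()
            continue
        m = re.match(r"line vty (\d+)(?: (\d+))?$", text)
        if m:
            first = int(m.group(1))
            last = int(m.group(2) or first)
            current = range(first, last + 1)
            for n in current:
                lines.setdefault(n, "default")  # no explicit list means "default"
            continue
        if raw[:1] not in (" ", "\t"):  # any other top-level command ends the block
            current = None
            continue
        m = re.match(r"login authentication (\S+)", text)
        if m and current is not None:
            for n in current:
                lines[n] = m.group(1)
    findings = []
    for n, name in sorted(lines.items()):
        # "default" is skipped: it is a keyword, not a user-defined list name.
        if name != "default" and name not in lists:
            findings.append(f"vty {n}: method list '{name}' is not defined")
    if len(set(lines.values())) > 1:
        findings.append("vty lines use different method lists; the list "
                        "applied depends on which line a session lands on")
    resolved = {n: lists.get(name) for n, name in sorted(lines.items())}
    return resolved, findings
```

Run it over a saved configuration with audit_vty(open(path).read()) and review every finding before relying on a per-line split.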