Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1767
Views
0
Helpful
1
Replies

How to configure LDAP on 3750x

kceleslie
Level 1
Level 1

‎05-16-2014 06:27 AM - edited ‎02-21-2020 05:11 AM

I've done some reading and it looks like it is possible to configure a cisco switch to use LDAP authentication but I'm struggling on what to do next. I rather not use RADIUS or tacacs+ as they both require additional configuration on the LDAP server. Am I correct that IOS can just use LDAP?

 

I've been using this guide, but can only seem to get halfway there.

http://www.cisco.com/c/en/us/td/docs/ios/sec_user_services/configuration/guide/convert/aaa_ldap/sec_cfg_ldap.html

 

I'm using Version 15.0(2)SE6 on a 3750X ip based switch and my LDAP server is a Windows 2008 R2 box. Here is what i have so far:

aaa new-model
!
!
aaa group server ldap DOMAIN
 server mydomain.com

ldap attribute-map NetworkAdmins
!
ldap server mydomain.com
 ipv4 10.0.1.10
 transport port 636
 bind authenticate root-dn "cn=ldap_svc,ou=service accounts,out=users,ou=mydomain.com,dc=mydomain,dc=com" password 7 PASSWORD
 base-dn ou=users,ou=mydomain.com,dc=mydomain,dc=com
 mode secure
 authentication bind-first
 authentication compare

If I’m understanding this correctly I have to configure an ldap server, then tell aaa to use that ldap server. I think I need to configure an ldap attribute-map but cant figure out the syntax. How do I tell it to use a specific group and how to I configure ssh or the console to use ldap?

 

Thanks in advance

0 Helpful
1 Reply 1

kceleslie
Level 1
Level 1

‎05-21-2014 01:25 PM

Per Cisco:

 

"AAA does not support using an LDAP method for interactive login authentication."

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card