CISCO 3650 denali 16.3x authentication ldap then local database

Hello,

I'm using a Cisco 3650 switch running Denali 16.3.x.

I would like to authenticate users with LDAP and then the local database for access to the switch.

Can the switch do it?

How do I configure it to achieve this?

Best regards

 

 

1 ACCEPTED SOLUTION

VIP Advisor

Re: CISCO 3650 denali 16.3x authentication ldap then local database

LDAP cannot be a RADIUS server. To authenticate against LDAP/AD users, you need to use RADIUS to achieve this; this can be FreeRADIUS, ACS or ISE.

 

BB
*** Rate All Helpful Responses ***
2 REPLIES
VIP Advisor

Re: CISCO 3650 denali 16.3x authentication ldap then local database

Hi there,

You cannot authenticate directly against an LDAP datastore; it must be done via RADIUS. This service will typically be run on the same server. Take a look at FreeRADIUS.

 

As for the config, it will look like:

!
aaa new-model
!
aaa authentication login default group radius local
!
radius server R_SRV01
  address ipv4 192.168.1.1 auth-port 1812 acct-port 1813
  key some_secret_key
!

It is worth noting that the AAA method in the switch will only fall back to the local database if the RADIUS servers are unreachable.

 

If you want a fallback method, then it will need to be implemented on the RADIUS server.

 

cheers,

Seb.

 

 
