I'm using a Cisco switch 3650 Denali 16.3.x.
I would like to authenticate users with LDAP and then the local database to access the switch.
Can the switch do it?
How do I configure it to achieve this?
You cannot authenticate directly against an LDAP datastore; it must be done via RADIUS. This service will typically be run on the same server. Take a look at FreeRADIUS.
As for the config, it will look like:
!
aaa new-model
!
aaa authentication login default group radius local
!
radius server R_SRV01
 address ipv4 192.168.1.1 auth-port 1812 acct-port 1813
 key some_secret_key
!
It is worth noting that the AAA method in the switch will only fall back to the local database if the RADIUS servers are unreachable.
If you want a fallback method, then it will need to be implemented on the RADIUS server.
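The fallback behaviour described in the answer above, as an added example that is not part of the original post: a simplified Python model of how the method list `group radius local` is walked. The user names, passwords and function names are hypothetical and constructed for illustration.

```python
from enum import Enum


class Reply(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    TIMEOUT = "timeout"  # no answer at all: server unreachable


# Constructed sample accounts (assumptions, not from the original post).
RADIUS_USERS = {"alice": "ldap-pass"}        # users known to RADIUS/LDAP
LOCAL_USERS = {"localadmin": "local-pass"}   # users in the switch's local database


def radius_method(user, password, reachable):
    """Model of 'group radius': answers only when a server is reachable."""
    if not reachable:
        return Reply.TIMEOUT
    return Reply.ACCEPT if RADIUS_USERS.get(user) == password else Reply.REJECT


def local_method(user, password):
    """Model of 'local': check the switch's own username database."""
    return Reply.ACCEPT if LOCAL_USERS.get(user) == password else Reply.REJECT


def login(user, password, radius_reachable):
    """Walk the method list 'group radius local'.

    Returns (allowed, method_that_decided). A reject is a final answer;
    only a missing answer moves on to the next method.
    """
    methods = [
        ("radius", lambda: radius_method(user, password, radius_reachable)),
        ("local", lambda: local_method(user, password)),
    ]
    for name, method in methods:
        reply = method()
        if reply is Reply.TIMEOUT:
            continue  # server unreachable: try the next method in the list
        return reply is Reply.ACCEPT, name
    return False, None


if __name__ == "__main__":
    for user, pw, up in [("alice", "ldap-pass", True),
                         ("localadmin", "local-pass", True),
                         ("localadmin", "local-pass", False)]:
        print(user, "radius up" if up else "radius down", login(user, pw, up))
```

In this model a local account is refused while RADIUS is reachable, because the reject from the first method ends the list; that is why a user-level fallback has to live on the RADIUS server.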