Multiple authentication methods on SSH access

Sep 24th, 2009

After the implementation of ACS, all network switch authentication is under ACS with local as backup. Is there any solution to separate the authentication methods (Local & TACACS+) for SSH access to the switch (line vty 0 3 = TACACS+, line vty 4 = Local)? The same as router SSH reverse telnet, but "ip ssh port" is not supported on the switch.

Collin Clark Fri, 09/25/2009 - 05:57

You can configure lines 0-3 for TACACS

line vty 0 3
 login authentication TACACSMethod

and vty line 4 for local

line vty 4
 login authentication local

Jatin Katyal (Cisco Employee) Fri, 09/25/2009 - 08:00

Hi,


!--- This can be possible by configuring a method list on the device.

tacacs-server host key

aaa authentication login list group tacacs+ local

line vty 0 3
 login authentication list

line vty 4
 login authentication local

List = name of the method list.


HTH


Regards,

JK
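
Added example, not part of the original thread or any poster's code: a Python sketch that reads an IOS-style configuration and reports which login method list each vty line resolves to, so a local-only line such as vty 4 above is easy to spot in an audit. The list names VTY_TACACS and VTY_LOCAL, the function names and the sample configuration are constructed; it assumes `aaa new-model` is enabled, in which case a line with no explicit list uses `default`.

```python
import re

# Constructed sample configuration; list names are placeholders, not from the thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login VTY_TACACS group tacacs+ local
aaa authentication login VTY_LOCAL local
line con 0
line vty 0 3
 login authentication VTY_TACACS
line vty 4
 login authentication VTY_LOCAL
line vty 5 15
"""

def vty_login_methods(config):
    """Map each vty number to (method-list name, ordered methods or None)."""
    lists, applied, current = {}, {}, []
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"aaa authentication login (\S+) (.+)", line)
        if m:  # method-list definition; keep 'group <name>' as one method
            lists[m.group(1)] = re.findall(r"group \S+|\S+", m.group(2))
            continue
        m = re.match(r"line vty (\d+)(?: (\d+))?$", line)
        if m:
            first = int(m.group(1))
            current = list(range(first, int(m.group(2) or first) + 1))
            for n in current:
                # Assumption: aaa new-model is on, so 'default' applies unless overridden.
                applied[n] = "default"
            continue
        if raw and not raw[0].isspace():
            current = []  # any other top-level command ends the vty block
            continue
        m = re.match(r"login authentication (\S+)", line)
        if m:
            for n in current:
                applied[n] = m.group(1)
    # None marks a list name that has no definition in the configuration.
    return {n: (name, lists.get(name)) for n, name in applied.items()}

def local_only_lines(config):
    """Return vty numbers whose only login method is the local database."""
    return sorted(n for n, (_, methods) in vty_login_methods(config).items()
                  if methods == ["local"])

if __name__ == "__main__":
    print("local-only vty lines:", local_only_lines(SAMPLE_CONFIG))
```

A line that references a list name with no matching `aaa authentication login` definition is returned with methods `None`, which is worth reviewing separately from the local-only lines.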


laut Sun, 09/27/2009 - 17:27

Hi,


I've tried this before, but the SSH connections should go through the lines one by one: line vty 0 -> 1 -> 2 -> 3 -> 4. If no one has made an SSH connection before, the connection should be on line vty 0. How can I make the SSH connection go to a specific line vty for a particular authentication method? As mentioned before, the router can provide a solution by associating the line vty with a rotary and different SSH listening ports. Is there a similar solution or another approach for the switch to provide the same kind of service?


Thanks.

TL

Collin Clark Mon, 09/28/2009 - 05:36

AFAIK there is no way to do it.
