Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Multiple authentication methods on SSH access

After the implementation of ACS, all the network switch authentication is under ACS with local as backup. Is that any solution to separate the authentication methods (Local & TACACS+) of SSH access to the switch (line vty 0 3 = TACACS+, line vty 4 = Local)? Same as router SSH reverse telnet, but "ip ssh port" is not supported on the switch.

4 REPLIES

Re: Multiple authentication methods on SSH access

You can configure lines 0-3 for TACACS

line vty 0 3

login authentication TACACSMethod

and vty line 4 for local

line vty 4

login authentication local

Cisco Employee

Re: Multiple authentication methods on SSH access

Hi,

!---This can be possible by configuring !---method list on the device.

tacacs-server host key

aaa authentication login list group tacacs+ local

line vty 0 3

login authentication list

line vty 4

login authentication local

List=name of the method list.

HTH

Regards,

JK

~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: Multiple authentication methods on SSH access

Hi,

I've tried this before, but the ssh connection should go through one by one. line vty 0 -> 1 -> 2 -> 3 -> 4. If no one make the ssh connection before, the connection should on line vty 0. How to make the ssh conenction to specific line vty for particular authentication method? As mentioned before, the router can provide the solution to assiocate the line vty to rotary with different ssh listening ports. As similar solution or other approach for the switch to provide the same kind of services.

Thanks.

TL

Re: Multiple authentication methods on SSH access

AFAIK there is no way to do it.

197
Views
0
Helpful
4
Replies