Having [pure] LDAP is nice if you want to perform authentication and your user base is already populated in AD.
There are no middle steps, just query and reply.
The "problem" with LDAP especially based on AD is that all the information about user that is not primary (username and password I would consider primary) is stored in a way that does not allow easy facility to apply/map to networking.
On ASA to overcome this we have LDAP attribute mapping where we map attributes from LDAP to common RADIUS ones.
When using AD from ACS I beleive (note that I'm not an expert on ACS) you can perfrm similar mapping and response you get is a pure RADIUS one - i.e. easily understood by most networking equipment.
RADIUS give you more flexibility in terms of Authentication Authorization and Accounting for networking equpment.
For example (AFAIR) LDAP/AD will not do accounting nor can be used to perform NAC functions.
But for example both LDAP (Over SSL) and RADIUS (via mschap v2) can perform password expiry functions.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...