Since you mentioned you have ClearPass I'd recommend TACACS+
Get your clock right:
ntp server <Your NTP Server> iburst version 3 prefer
ntp server <Your NTP Server 2 > iburst version 3
clock timezone <Your Time Zone>
ntp enable
Configure TACACS:
tacacs-server host <ClearPass 1> key plaintext <PSK> vrf default
tacacs-server host <ClearPass 2> key plaintext <PSK> vrf default
aaa group server tacacs ClearPass-TACACS
server <ClearPass 1> vrf default
server <ClearPass 2> vrf default
aaa authentication login console group ClearPass-TACACS local
aaa authentication login default group ClearPass-TACACS local
aaa authentication login ssh group ClearPass-TACACS local
aaa accounting all-mgmt default start-stop group ClearPass-TACACS local
Keep in mind 10.11 is a short term support release, end of support this November so if you're deploying 80 you may want to go with the 10.10 code.
For some additional reference check out the Aruba Solutions Exchange Solution 126 "ArubaOS-Switch TACACS+ RADIUS MGMT with ClearPass"
https://ase.arubanetworks.com/solutions/id/126
Original Message:
Sent: Jun 13, 2023 05:47 AM
From: arobson94
Subject: CX 6100 - SSH AD Authentication
Hi all,
I was wondering if anyone has had any luck in setting up AD authentication on the 6100s? We've bought around 80 6100s to replace our 3coms at remote sites. I've been tasked to setup AD authentication to SSH onto them. I'm struggling to find any documentation on this, the only stuff I can find, the commands don't seem to be valid on the 6100s?
I have a clearpass server which can be used as the radius server and did manage to sort this out on the aruba 2930s we have but the 6100s are obviously the cx firmware.
Version of the switch is: PL.10.11.1021
Any help would be greatly appreciated!