HTTP - ACS Authentication

Jul 25th, 2007

Hi


I have just replaced a couple of old switches in my network. 1 2940-8 running 12.1(19)EA1c software with a 2960G-8 running 12.2(35)SE and a 2950-12 running 12.1(22)EA1 with a 2960G-24 running 12.2(25)SEE2.


I copied the settings across for aaa that runs on all the other switches but I cannot get http access now and network assistant is having problems accessing the switches. I also have installed 3560g 12.2(25)SEE3. This lets me login, loads the check screen but then asks me for my password again and won't let me go any further. If I keep pressing cancel it eventually loads the web page with errors. These are settings on the switch.


aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization exec default group tacacs+ local

aaa accounting send stop-record authentication failure

aaa accounting system default start-stop group tacacs+

aaa session-id common


ip http server

ip http authentication aaa


tacacs-server host 172.16.61.61

tacacs-server directed-request

tacacs-server key 7 **********

tacacs-server dns-alias-lookup

tacacs-server administration

radius-server source-ports 1645-1646


The version of HTTP is 1.001.001


Could anybody help with the switch settings, and do I need to make any changes on the ACS server?


Thanks



Premdeep Banga Fri, 07/27/2007 - 15:03

Hi,


This is something you should definitely take a look at,


http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008069bdc5.shtml



Cisco IOS Software with the HTTP V1.1 Server


In releases of Cisco IOS Software with the HTTP V1.1 server, the HTTP sessions do not use vtys. They use sockets.



Go through the above link; it might help you out.


Regards,

Prem
