HTTP - ACS Authentication

c01642643287 · ‎07-25-2007

Hi

I have just replaced a couple of old switches in my network. 1 2940-8 running 12.1(19)EA1c software with a 2960G-8 running 12.2(35)SE and a 2950-12 running 12.1(22)EA1 with a 2960G-24 running 12.2(25)SEE2.

I copied the settings across for aaa that runs on all the other switches but i cannot get http access now and network assistant is having problems accessing the switches. i also have installed 3560g 12.2(25)SEE3. This lets me login, loads the check screen but the asks me for my password again and wont let me go anyfurther. If I keep pressing cancel it eventually loads the web page with errors. These are settings on the switch.

aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization exec default group tacacs+ local

aaa accounting send stop-record authentication failure

aaa accounting system default start-stop group tacacs+

aaa session-id common

ip http server

ip http authentication aaa

tacacs-server host 172.16.61.61

tacacs-server directed-request

tacacs-server key 7 **********

tacacs-server dns-alias-lookup

tacacs-server administration

radius-server source-ports 1645-1646

The version of HTTP is 1.001.001

Could anybody help with the switch settings and do i need to make any changes on the acs server?

Thanks

Premdeep Banga · ‎07-27-2007

Hi,

This is something you should definitely take a look at,

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008069bdc5.shtml

Cisco IOS Software with the HTTP V1.1 Server

In releases of Cisco IOS Software with the HTTP V1.1 server, the HTTP sessions do not use vtys. They use sockets.

Go through above link, might help you out.

Regards,

Prem