ip http authentication aaa login-authentication doesnt work

Unanswered Question
Jul 22nd, 2008

I have "ip tacacs source-interface Vlan1 " in my config because without it enabled I cant ssh in with tacacs. However, with that line in the config, I cant access via https unless I have the line "ip http authentication local"

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 1 (2 ratings)
Jagdeep Gambhir Wed, 07/23/2008 - 05:01

For http access , the user should have privilege level 15. This is how you enable it on acs.

Bring users/groups in at level 15

1. Go to user or group setup in ACS

2. Drop down to "TACACS+ Settings"

3. Place a check in "Shell (Exec)"

4. Place a check in "Privilege level" and enter "15" in the adjacent field



Do rate helpful posts

tcole1970 Wed, 07/23/2008 - 07:19

This is NOT the problem. All other switches except for the 10 we have to put the "ip tacacs source-interface Vlan1" work just fine when accessed via https using tacacs.

Jagdeep Gambhir Wed, 07/23/2008 - 13:30

Then this is something you should have included in your first port.

Thanks for using rating system.

dhananjoy chowdhury Wed, 07/23/2008 - 14:02

One small query, suppose you don't have the "ip http authentication local" statement in your config ... now when you try to login via HTTP, do you see any logs ( failed attempts or successfull) on the ACS server ?


This Discussion